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MAINFRAME 
LINUX:  STOPPING 
SERVER  SPRAWL 

Greater  reliability.  Improved  performance. 

Faster  resource  provisioning.  Running  Linux  on 
the  mainframe  may  be  your  best  bet  for  con¬ 
solidating  servers  and  lowering  costs.  Yet  not 
every  application  will  benefit  —  and  knowing 
the  difference  is  a  crucial  measure  of  success. 

See  what  experienced  users  recommend.  PAGE  23 


Microsoft  Adds  a  ’fear  to 
NT  Server  4.0  Support 


Users  feeling  upgrade  pressure  get  a  reprieve, 
but  extension  doesn’t  cover  all  support  options 


BY  CAROL  SLIWA 

Microsoft  Corp.’s  confirma¬ 
tion  last  week  that  it  will  ex¬ 
tend  key  support  provisions 
for  Windows  NT  Server  4.0 
through  2004  provided  a  re¬ 
prieve  for  companies  feeling 
pressure  to  move  off  the  aging 
operating  system. 

Many  corporate  users  that 
are  still  running  Windows  NT 
Server  4.0  said  the  end  of  sup¬ 
port  was  the  primary  reason 


for  their  decisions  to  either 
migrate  off  the  operating  sys¬ 
tem  or  plot  their  upgrade  op¬ 
tions.  Microsoft  had  an¬ 
nounced  in  October  that  the 
extended  support  phase  for 
NT  Server  4.0  would  cease  at 
the  end  of  2003. 

“This  gives  me  more  breath¬ 
ing  room.  Like  all  IS  organiza¬ 
tions,  we’re  just  massively  re¬ 
source-constrained,”  said 
Randy  Truax,  manager  of 


technical  services  at  Metro¬ 
politan  Health  Corp.  in  Grand 
Rapids,  Mich. 

Metropolitan  has  54  Win¬ 
dows  NT  4.0  servers  running 
health  care,  financial  and  sup¬ 
ply  chain  applications,  as  well 
as  SQL  Server  and  various 
utility  tools.  Plans  call  for  the 
IT  department  to  determine 
the  fate  of  those  servers  by  the 
time  the  organization’s  new 
fiscal  year  starts  July  1. 

Truax  said  he’s  now  more 
inclined  to  take  a  closer  look 
at  Windows  Server  2003, 

NT  Server  4.0,  page  49 


Unprepared  Firms  Slammed 


Worm  took  advantage 
of  IT  shops’  failure  to 
use  available  patches 

BY  JAIKUMAR  VIJAYAN 

The  widespread  disruptions 
caused  by  last  week’s  SQL 
Slammer  worm  demonstrated 
yet  again  the  importance  of 
proactive  vulnerability  patch 
management,  users  and  ana¬ 
lysts  said. 

Slammer,  a  self-propagating 
worm  also  dubbed  Sapphire 
and  SQL  Hell,  surfaced  Jan.  25. 
The  worm  infected  computers 
by  means  of  a  known  flaw  in 
Microsoft  Corp.’s  frequently 
patched  SQL  Server  database 
software.  Slammer  works  by 
copying  itself  onto  vulnerable 
computers  and  then  using 
those  systems  to  scan  for  and 


INSIDE;  ANOTHER  FIX 

Use  of  a  free  benchmarking  tool  made 
available  six  months  ago  would  have 
slammed  the  door  on  Slammer.  Page  14 


infect  other  machines  running 
SQL  Server. 

As  was  the  case  with  prede¬ 
cessor  worms  like  Nimda  and 
Code  Red,  Slammer  could 
have  been  thwarted  if  users 
had  applied  a  patch  that  Mi¬ 
crosoft  issued  more  than  six 
months  ago. 

The  administrators  of  af¬ 
fected  servers  “most  certainly 
Slammer,  page  14 


Key  Lessons 


Slammer’s  vast  propagation 
highlighted  the  need  to: 

■  Make  certain  that  any  application 
being  exposed  to  the  Internet  is  main¬ 
tained  at  the  latest  patch  level. 

■  Perform  periodic  vulnerability 
scans. 

B  Block  all  ports  except  those  that 
are  absolutely  essential. 

B  Institute  formal  processes  for 
patch  management  and  remediation. 


Cheap  Cartridge  Option  in  Peril 


Lexmark’s  legal  action 
could  dry  up  printer 
cartridge  aftermarket 

BY  PATRICK  THIBODEAU 

WASHINGTON 

The  remanufactured  toner 
cartridge  industry,  which  pro¬ 
vides  low-cost  printer  car¬ 
tridges  for  many  corporations, 
is  under  a  legal  and  technolog¬ 
ical  assault  that  could  deprive 


IT  managers  of  a  money¬ 
saving  option. 

The  major  printer  manufac¬ 
turers  are  making  changes  to 
cartridge  designs  and  the 
computer  chips  that  mate  a 
cartridge  with  a  printer,  there¬ 
by  making  it  increasingly  diffi¬ 
cult  for  remanufacturers  to  re¬ 
fill  the  cartridges.  It  can  take 
remanufacturers  more  than  a 
year  of  engineering  work  to 

Cartridges,  page  16 
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DEFINE 


DEPLOY 


For  more  than  20  years,  Borland  has  been  accelerating 
application  development.  One  developer  at  a  time.  Today, 
we’re  accelerating  the  entire  development  and  deployment 
team  -  architects,  programmers,  testers,  implementers,  and 
managers.  Speed  and  agility  come  from  our  best-in-class 


#1  independent  path  to  Microsoft®. NET 
#/  in  Linux®  development  solutions* 

# 1  in  Java™  development  solutions* 


products  seamlessly  integrated  in  the  Borland®  Suite  -  erasing 
technology  boundaries  that  prevent  people  from  working 
together.  No  platform  lock  in:  No  arbitrary  process.  Built  for 
tomorrow’s  technology  infrastructure.  Today’s  Borland.  Just  like 
yesterday’s.  Only  faster,  yet.  Accelerate  your  team  today. 


Borlantf 

Excellence  Endures 


450  servers 


12  storage  platforms 


3  operating  systems 


27  nightly  backup  schedules 


And  that's  just  one  office.  Monitor  and  manage  all  your  storage 

from  a  single  point  with  BrightStor  Portal. 


You're  burning  the  midnight  oil.  So  is  your  storage  network.  And  the  only  things  growing  faster  than  your  storage  needs 
are  your  storage  problems.  The  solution?  BrightStor™  Portal.  A  breakthrough  in  enterprise-wide  storage  software  that  provides 
a  single  point  of  management.  With  a  flexible  portal  interface  that's  easy  to  use,  BrightStor  Portal  gives  you  a  customized  view 
of  your  entire  storage  environment  so  you  can  respond  to  any  issue,  anytime,  anywhere.  In-depth  access  to  business-critical 
information  24  x  7  will  help  you  simplify  operations,  increase  productivity  and  maximize  cost  efficiency  across  your  enterprise. 
Hey,  with  more  and  more  issues  under  control,  you  may  actually  get  to  go  home.  ca.com/brightstor/portal 


BrightStor™  Storage  Solutions 
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NEWS 


When  Yanking  the 
Mainframe  Isn’t  an  Option 

In  the  Management  section:  Judith  Franklin  (left) 
turned  the  legacy  system  at  Minnesota’s  DMV  into 
a  Web-enabled  application  that’s  lauded  for  its  con¬ 
venience  and  low  makeover  price.  Page  35 


Inside  Trustworthy  Computing 

In  the  Technology  section:  How  is  Microsoft  doing 
with  its  Trustworthy  Computing  initiative?  Craig 
Mundie,  the  company’s  senior  vice  president  and 
chief  technical  officer  of  advanced  strategies  and 
policy,  gives  Computers  odd.  an  update.  Page  28 
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6  The  SEC  is  probing  i2’s 
finances  for  2000  and  2001, 
as  the  company  reports 
another  loss. 

6  IBM  expands  grid  computing 
offerings  in  a  bid  to  attract 
corporate  users. 

7  Angry  IT  pros  say  the  H-1B 
visa  program  is  still  keeping 
Americans  unemployed. 

7  Doubts  about  ROI  are  slowing 
corporate  handheld  rollouts, 
say  analysts,  but  some  users 
report  fast  paybacks. 

8  Cisco  introduces  quality- 
of-service  functions  for  nine 
of  its  switches  and  routers  to 
create  networks  including 
VOIP  capabilities. 

10  EMC’s  newest  high-end 

Symmetrix  disk  arrays  prompt 
IBM  and  Hitachi  to  announce 
their  own  storage  upgrades. 


23  Moving  Into  Mainframe  Linux. 

Mainframe  Linux  offers  clear 
advantages  to  corporations,  if 
you  choose  the  applications 
carefully. 

29  QuickStudy:  Session  Initiation 

Protocol.  Learn  more  about 
this  signaling  protocol  for  In¬ 
ternet  conferencing,  telepho¬ 
ny,  messaging  and  other  net¬ 
worked  communications. 

30  Emerging  Technologies:  Task- 
Centric  Storage  Takes  the 
Stage.  Intelligent,  inexpen¬ 
sive  ATA-based  storage  appli¬ 
ances  may  redefine  the  role  of 
the  application  server. 

32  Security  Manager’s  Journal: 
Missing  PKI  Root  Key  Causes 
a  Panic  Attack.  When  the 
root  key  appears  to  have  been 
compromised,  Vince  Tuesday 
faces  the  task  of  rebuilding 
the  entire  public-key  infra¬ 
structure. 


8  On  The  Mark:  Mark  Hall  in¬ 
terviews  a  slew  of  security 
experts  who  are  frustrated 
by  users’  ongoing  failure  to 
secure  their  systems. 

20  Maryfran  Johnson  warns  IT 
pros  about  the  inevitable  fu¬ 
ture  in  which  more  of  their  in- 
house  jobs  will  be  outsourced. 

20  Pimm  Fox  claims  vendors  try 
to  clamp  down  on  free  speech 
by  users  through  licensing  re¬ 
strictions.  A  recent  court  case, 
he  says,  helps  to  right  that 
wrong. 

21  Thornton  May  thinks  IT  exec¬ 
utives  tell  the  truth  —  most  of 
the  time  —  but  seldom  com¬ 
municate  it  effectively. 

34  Robert  L.  Mitchell  says  com¬ 
peting  vendors  should  stop 
blaming  Microsoft  for  their 
troubles  and  pay  more  atten¬ 
tion  to  users’  needs  instead. 


10  Two  vendors  team  with  EMC 
to  develop  e-mail  storage 
technology  to  help  financial 
services  firms  comply  with 
record-keeping  requirements. 


12  The  Department  of  Homeland 
Security  must  deal  with  lead¬ 
ership  turnover  while  retain¬ 
ing  private-sector  credibility. 

. 

16  Computer  Associates  inte¬ 
grates  a  portal  server  with 
business  intelligence  tools  to 
reduce  integration  headaches. 


49  Niche  vendors  catch  users’ 
eyes  at  Lotusphere  with  add¬ 
ons  that  fill  gaps  in  Lotus  and 
Domino  functionality. 


MANAGEMENT 


37  How  To:  You  aren’t  a  security 
expert  or  an  auditor,  yet 
you’re  the  go-to  guy  for  the 
company’s  IT  security  audit. 
Here’s  how  to  get  started. 

38  Perk  Watch:  BMWs  Are  Out, 
Bowling  Is  In.  Some  compa¬ 
nies  on  tight  budgets  are  doing 
their  best  to  keep  IT  talent. 

40  Steal  This  Idea:  Getting  the 
Right  Person  at  the  Right 
Time.  Dow  reduced  its  hiring 
cycle  time  by  consolidating  its 
worldwide  recruiting  and  hir¬ 
ing  efforts  through  an  ASP. 


50  Frankly  Speaking:  Frank 
Hayes  smacks  CERT,  the  gov¬ 
ernment-funded  cyberthreat 
information  clearinghouse, 
for  passing  along  security 
alerts  to  bug  chasers’  com¬ 
petitors  and  potential  clients 
—  prior  to  public  release. 
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Prevent  Data  Loss 

STORAGE:  Avoid  the  dreaded  “I  told  you  so”  by  using 
these  preventive  tips.  QuickLink:  k1700 


Don’t  Blame  Microsoft 

DISCUSSION  FORUM:  After  reading  Robert  L. 
Mitchell’s  column,  “Just  Pin  It  on  Microsoft,"  on  page 
34,  post  your  opinion  and  read  what  others  have  to  say. 

QuickLink:  a2850 


The  Business  of  Security 

KNOWLEDGE  CENTER:  See  how  new  federal  rules  on 
privacy  protection  affect  identity  management  technology, 
as  well  as  contrasting  strategies  used  by  Microsoft  and  the 
Liberty  Alliance  Project.  QuickLink:  k1600 


Linux  on  Laptops 

OPERATING  SYSTEMS:  SCO  Group’s  senior  vice  pres¬ 
ident  of  technology  offers  tips  on  how  to  achieve  a  success¬ 
ful  install.  QuickLink:  35852  And  don't  miss  the  related 
online  forum  discussion:  Is  Linux  ready  for  laptops? 

QuickLink:  a2880 


Second  Chance  at  Wireless 

MOBILE/WIRELESS:  Made2Manage  System's  Gary 
Rush  says  Microsoft's  introduction  of  the  Mobile  Internet 
Toolkit  has  given  companies  a  new  chance  to  explore  a  wire¬ 
less  manufacturing  strategy.  QuickLink:  35996 

Smarter  Tools, 

Dumber  Developers? 

DEVELOPMENT:  Can  anyone  explain  why  tools  get 
smarter  while  developers  grow  dumber?  Or  is  columnist  Lin¬ 
da  Hayes  missing  something?  QuickLink:  35887 


What’s  a  QuickLink? 

On  some  pages  in 
this  issue  you'll  see 
a  QuickLink  code  pointing 
to  additional,  related  con¬ 
tent  on  our  Web  site.  Just 
enter  that  code  into  our 
QuickLink  box.  which 
you’ll  srre  at  the  top  of 
each  page  on  our  site. 
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Vendors  Promise 
Mobile  Java  Spec 


A  group  of  vendors  led  by  Sun  Mi¬ 
crosystems  Inc.  detailed  a  road 
map  for  creating  a  unified  specifi¬ 
cation  that  companies  could  use 
to  develop  wireless  Java  applica¬ 
tions.  The  group,  which  includes 
more  than  a  dozen  makers  of  mo¬ 
bile  devices,  said  the  specification 
should  be  finished  by  midyear. 
Compliant  devices  are  expected  to 
be  available  starting  in  the  fall. 


IBM  Plots  App 
Server  Upgrade 

IBM  announced  that  it’s  develop¬ 
ing  an  upgrade  of  its  WebSphere 
application  server  software  that 
will  include  new  capabilities  for 
managing  business-process  work- 
flows.  The  upgrade  is  due  by 
midyear  and  will  include  new  Web 
services  functionality  that  Sun  is 
building  into  the  next  version  of 
its  Java  2  Enterprise  Edition  tech¬ 
nology,  said  Scott  Hebner,  the 
director  of  WebSphere  marketing 
at  IBM. 

AMD  Revamps 
64-bit  Chip  Plans 

Advanced  Micro  Devices  Inc.  said 
it  plans  to  launch  its  64-bit 
Opteron  microprocessor  for 
servers  and  workstations  in  April. 
But  the  Sunnyvale,  Calif.-based 
company  added  that  its  Athlon  64 
chip  for  desktop  PCs  has  been  de¬ 
layed  for  a  second  time.  The 
Athlon  64,  which  also  is  a  64-bit 
device,  is  now  due  for  release  in 
September,  AMD  said. 

Short  Takes 

SUN  said  it  will  announce  its  plans 
to  expand  the  level  of  Web  ser¬ 
vices  support  in  Java  this  week 
but  wouldn’t  disclose  any  details. 
...  THE  INSTITUTE  FOR  INFORMA¬ 
TION  INFRASTRUCTURE  PROTEC¬ 
TION,  a  group  of  23  colleges  and 
research  laboratories,  released  a 
report  calling  for  the  U.S.  govern¬ 
ment  and  private-sector  compa¬ 
nies  to  increase  spending  on 
cybersecurity  research. 
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SEC  Examines  i2’s  Books  as 
Vendor  Reports  Another  Loss 


Finn  plans  to  reaudit  2000, 2001  results 


BY  MARC  L.  SONGINI 

upply  chain  software 
vendor  i2  Technologies 
Inc.  last  week  reported 
its  fifth  straight  quar¬ 
terly  loss  and  confirmed  that 
the  U.S.  Securities  and  Ex¬ 
change  Commission  is  now 
probing  its  finances. 

The  Dallas-based  company 
said  the  SEC  has  opened  an  in¬ 
formal  inquiry  into  its  finan¬ 
cial  reporting  for  2000  and 
2001.  The  SEC’s  decision  came 
after  i2  told  the  agency  about 
two  former  i2  executives’  alle¬ 
gations  of  accounting  irregu¬ 
larities. 

12  last  week  also  announced 
that  its  board  has  asked  audi¬ 
tor  Deloitte  &  Touche  LLP  to 
reaudit  the  numbers  that  the 
company  reported  for  2000 
and  2001.  The  company  noted 
that  the  new  audit  could  im¬ 
pact  its  fourth-quarter  2002 
results,  which  it  described  as 
preliminary. 

“It  would  be  very  discourag¬ 
ing  and  disruptive  to  see  i2 
lose  focus,”  said  Richard 
Scheerer,  vice  president  of  IT 


at  The  Clarks  Companies, 
North  America.  Clarks,  a 
shoemaker  in  Newton  Upper 
Falls,  Mass.,  has  implemented 
several  of  i2’s  order  manage¬ 
ment  and  supply  chain  plan¬ 
ning  applications. 

Scheerer  said  i2  hasn’t  let 
him  down  so  far.  But  he  added 
that  he’s  always  concerned 
about  the  viability  of  his  soft¬ 
ware  vendors,  and  he  empha¬ 
sized  the  need  for  i2  to  contin¬ 
ue  upgrading  its  product  line. 

On  the  other 
hand.  Gene 
Hunt,  chairman 
of  the  Atlanta- 
based  i2  User 
Group’s  board  of 
directors,  ap¬ 
plauded  the  firm’s  reaudit 
plans.  “We  think  this  indicates 
a  sense  of  openness  and  confi¬ 
dence  about  the  business,” 
Hunt  said  in  a  letter  to  i2’s 
management. 

Hunt,  who  is  a  member  of 
the  technical  staff  at  Texas  In¬ 
struments  Inc.  in  Plano,  Texas, 
added  in  the  letter  that  i2’s 
employees  “are  demonstrating 


a  desire  to  maintain  and  im¬ 
prove  customer  satisfaction.” 

“While  this  could  defocus 
i2,  it  should  have  little  effect 
on  the  user  base,”  said  Gartner 
Inc.  analyst  Karen  Peterson. 
She  added  that  the  reaudit  and 
SEC  disclosures  “masked  the 
fact  that  i2  actually  did  better 
than  expected  last  quarter.” 

12  CEO  Sanjiv  Sidhu  down¬ 
played  the  chances  that  the 
company’s  financial  picture 
would  be  radically  changed  by 
the  new  audit.  Referring  to  the 
preliminary  fourth-quarter  re¬ 
sults,  Sidhu  said  i2’s  manage¬ 
ment  has  “basic 
comfort  in  their 
stability.” 

12  announced 
a  fourth-quarter 
loss  of  $12.4  mil¬ 
lion,  which  in¬ 
cluded  a  $23  million  restruc¬ 
turing  charge  to  cover  the  cost 
of  additional  layoffs.  Revenue 
totaled  $119.9  million,  down 
from  $193.9  million  reported 
for  the  fourth  quarter  of  2001. 

It  would  be  surprising  if  i2 
users  didn’t  have  any  concerns 
about  the  current  situation, 
said  Andrew  Ball,  a  London- 
based  analyst  at  Frost  &  Sulli- 


Financial  Probe 

Key  events  leading  tip  to  the 
SEC’s  decision  to  examine  i2’s 
accounting  practices: 

■  The  SEC  is  following  up  on  i2’s 
Form  10-Q  filing  for  last  year’s 
third  quarter,  in  which  the 
company  said  it  was  reauditing 
its  results  for  2000  and  2001. 

■  The  internal  reaudit  was 

prompted  by  complaints  from  two 
former  i2  vice  presidents  about  a 
wide  variety  of  alleged  financial 
improprieties. 

■  According  to  the  10-Q  filing, 

the  two  claimed  that  i2  had  faulty 
accounting  and  revenue-recogni¬ 
tion  procedures  and  inadequate 
financial  controls. 

■  The  audit  committee  of  i2’s 
board  found  the  allegations  to  be 
groundless,  but  the  company  has 
asked  its  external  auditor  to 
check  the  numbers. 


van  Inc.  Ball  added  that  the 
problems  at  i2  stem  from  the 
company’s  behavior  during 
the  boom  years  of  IT  industry 
growth.  “12  flew  too  close  to 
the  sun  during  the  good  times 
and  is  now,  like  Icarus,  paying 
the  consequences,”  he  said.  I 


THE  VIEW  FROM  i2 

CEO  Sanjiv  Sidhu  talks  about  i2’s 
problems  and  efforts  to  turn  it  around: 

OQuickLink  35956 
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IBM  Targets  Corporate 
Users  With  Grid  Computing 


BY  JAIKUMAR  VIJAYAN 

IBM  last  week  announced  an 
initiative  to  expand  its  grid 
computing  offerings  from  its 
traditional  niche  in  academia 
and  research  to  commercial 
enterprises. 

Under  the  plan,  IBM  will 
deliver  10  separate  grid  com¬ 
puting  bundles  optimized  for 
companies  in  five  vertical  in¬ 
dustries. 

For  financial  services  users, 
IBM  is  offering  a  trading  ana¬ 
lytics  acceleration  grid  and  an 
IT  optimization  grid  to  help 
exploit  underutilized  comput¬ 
ing  and  storage  resources. 


Similarly,  for  users  in  the 
life  sciences  space,  IBM  will 
offer  grid  technologies  that 
can  dramatically  increase  the 
number  of  calculations  proc¬ 
essed  during  drug  research. 
And  an  engineering  design 
grid  is  aimed  at  improving  re¬ 
source  utilization  for  automo¬ 
tive  companies. 

The  goal  is  to  let  new  users 
take  advantage  of  the  same 
collaborative  computing  func¬ 
tionality  that  grid  computing 
has  delivered  to  others  for 
several  years,  said  Tom  Hawk, 
general  manager  of  IBM’s  grid 
computing  business. 


“What  we  have  done  is  to 
take  preconfigured  IBM  soft¬ 
ware,  middleware,  hardware 
and  integration  functionality 
and  box  it  up”  for  use  in  vari¬ 
ous  industries.  Hawk  said. 

Lower  Cost  of  Entry 

Butterfly.net  Inc.,  a  provider  of 
multiplayer  online  PC,  con¬ 
sole  and  mobile  games,  has 
based  its  network  on  IBM  grid 
computing  technologies. 

Butterfly  is  using  the  open- 
source  Globus  Toolkit,  togeth¬ 
er  with  a  grid-enabled  version 
of  IBM’s  WebSphere  applica¬ 
tion  server  and  some  in-house 
software,  to  link  more  than 
500  IBM  blade  servers  across 
multiple  cities. 

The  company  first  consid¬ 
ered  using  large  servers  and 


clustering  technologies.  But 
the  grid  approach  allows  for 
better  resource  utilization  and 
more  flexibility  in  allocating 
resources  to  applications  as 
they  are  needed,  said  David 
Levine,  CEO  and  founder  of 
the  Martinsburg,  WVa.,  firm. 

“The  cost  of  entry  is  also  a 
lot  lower  because  you  can 
start  with  commodity  sys¬ 
tems,”  Levine  said.  “I  can  see 
where  an  approach  like  this 
might  make  sense”  in  the  mar¬ 
kets  that  IBM  is  now  targeting. 

As  part  of  the  initiative,  IBM 
last  week  announced  that  it 
will  work  with  two  grid  mid¬ 
dleware  vendors  —  Platform 
Computing  Inc.  in  Markham, 
Ontario,  and  DataSynapse  Inc. 
in  New  York  —  to  deploy 
grids  in  enterprises.  ft 
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H-1B  Visa  Count  Down 

Jobless  protesting  program  despite  a 
decrease  in  the  number  of  H-lBs  issued 


BY  PATRICK  THIBODEAU 

WASHINGTON 

In  a  year  when  the  U.S.  began 
what  has  been  characterized 
as  a  jobless  recovery,  immigra¬ 
tion  authorities  issued  79,100 
H-1B  visas,  a  sharp  decline 
from  previous  years.  But  that’s 
cold  comfort  for  displaced 
workers. 

The  number  of  H-1B  visas 
issued  in  the  fiscal  year  that 
ended  Sept.  30  was  well  under 
the  195,000  cap  set  by  Con¬ 
gress,  and  less  than  half  the 
163,600  issued  by  the  U.S.  Im¬ 
migration  and  Naturalization 
Service  in  fiscal  2001. 

Supporters  of  the  H-1B  pro¬ 
gram  say  the  decline  indicates 
that  the  program  is  working,  is 
self-regulating  and  isn’t  being 
abused  by  employers.  H-1B 
visas  are  used  to  bring  skilled 
workers,  many  of  them  IT  pro¬ 
fessionals,  into  the  U.S.  They 
are  good  for  up  to  six  years. 


But  opponents,  who  are  in¬ 
creasingly  coalescing  into 
grass-roots  organizations,  say 
the  H-1B  numbers  tell  only 
part  of  the  story.  They  con¬ 
tend  that  employers  are  still 
bringing  in  large  numbers  of 
foreign  workers,  but  they’re 
doing  so  under  programs  such 
as  the  L-l  visa,  which  is  used 
for  employees  who  are  trans¬ 
ferred  by  multinational  firms 
to  work  in  the  U.S. 

Much  attention,  however, 
will  be  focused  on  the  H-1B 
cap,  which  will  remain  at 


,  Anger  Up 

195,000  this  year  but  is  set  to 
decline  in  Fiscal  2004  to 
65,000. 

Harris  Miller,  president  of 
the  Information  Technology 
Association  of  America  in  Ar¬ 
lington,  Va.,  said  he  doesn’t 
know  whether  his  industry 
group  will  fight  the  decrease 
to  65,000.  “It  will  be  hard  to 
convince  Congress”  of  the 
need  for  a  higher  cap  “if  you 
have  no  recovery  or  a  jobless 
recovery,”  he  said. 

Among  the  grass-roots  op¬ 
position  organizers  is  Peter 
Bennett,  a  Danville,  Calif.,  res¬ 
ident  who  operates  a  Web  site 
called  NoMoreHlb.com.  Ac¬ 
cording  to  Bennett,  many  dis¬ 


placed  workers  are  ready  to 
act  if  Congress  moves  to  in¬ 
crease  the  cap.  “It  will  trigger 
an  onslaught  of  calls”  to  law¬ 
makers,  he  said. 

5.1%  Unemployment  Rate 

One  organization  that  has 
been  critical  of  the  H-1B  pro¬ 
gram  is  the  IEEE-USA,  a  unit 
of  the  Institute  of  Electrical 
and  Electronics  Engineers  Inc. 

According  to  the  Bureau  of 
Labor  Statistics,  there  are 
94,000  unemployed  computer 
scientists  in  the  U.S.  That’s  an 
unemployment  rate  of  5.1%  in 
that  field,  said  George  F.  Mc¬ 
Clure,  who  chairs  the  IEEE’s 
Career  and  Workforce  Policy 
Committee.  H-1B  visa  holders 
“are  all  competing  for  the 
same  small  pot  of  jobs,  and  we 
don’t  think  that  is  a  good 
thing,”  he  said. 

Eight  weeks  ago,  some  un¬ 
employed  IT  workers  in  Con¬ 
necticut  formed  The  Organi¬ 
zation  for  the  Rights  of  Ameri¬ 
can  Workers.  It  started  as  an 
informal  networking  effort, 
but  an  organizational  meeting 
required  a  hall  to  accommo¬ 
date  65  attendees.  The  group 


iff  H  We  have 
m  m  members 
that  are  about  to 
lose  their  homes. 
We  have  to  make 
the  public  aware  of 
what’s  going  on. 

JOHN  BAUMAN,  VICE  PRESIDENT, 

THE  ORGANIZATION  FOR  THE  RIGHTS 
OF  AMERICAN  WORKERS 

now  has  200  members. 

“We  have  members  that  are 
about  to  lose  their  homes,” 
said  John  Bauman,  vice  presi¬ 
dent  of  the  Meriden-based  or¬ 
ganization.  “We  have  to  make 
the  public  aware  of  what’s  go¬ 
ing  on.” 

Nate  Viall,  a  Des  Moines, 
Iowa-based  recruiter  who  spe¬ 
cializes  in  Finding  candidates 
for  IBM  iSeries  application  de¬ 
velopment,  said  that  although 
there’s  no  shortage  of  quali¬ 
fied  U.S.  workers  to  fill  those 
jobs,  he  has  seen  U.S.  workers 
lose  out  to  H-1B  visa  holders. 
“It’s  always  about  the  money,” 
said  Viall.  i 


Beyond  the  Cap 

Fiscal 

2000 

Fiscal 

2001 

Visa  cap 

195,000 

195,000 

Visas  issued 

163,000 

79,100 

Visas  issued  in 
exempt  category* 

342,000 

i . .  ™  . “| 

215,000 

*  Exempt  category  includes  organizations  such  as  schools  and  nonprofit  research  groups. 


Analysts  Say  Doubts  About  R0I  Are 
Slowing  Corporate  Handheld  Rollouts 

Mobile  device  sales  drop  off,  although 
some  users  are  reporting  fast  paybacks 


BY  BOB  BREWIN 

Vendors  of  handheld  devices 
had  “dismal”  sales  last  year, 
with  worldwide  product  ship¬ 
ments  dropping  9.1%  from 
their  2001  level,  according  to  a 
report  released  last  week  by 
Dataquest  Inc. 

That  Finding  dovetails  with 
a  report  on  the  handheld  mar¬ 
ket  released  in  December  by 
Framingham,  Mass.-based 
IDC,  which  estimated  that 
sales  of  the  devices  in  2002 
would  be  down  2.1%  on  a  year- 
over-year  basis.  Dataquest  and 
IDC  analysts  both  said  that 
slower  rates  of  adoption  by 
corporate  users  are  hurting 
the  once-hot  handheld  market. 

Todd  Kurt,  an  analyst  at  San 
Jose-based  Dataquest,  estimat¬ 


ed  that  more  than  70%  of  the 
handhelds  sold  last  year  were 
bought  by  consumers.  The 
corporate  market  stagnated 
due  to  the  weak  economy  and 
a  perception  among  users  that 
handhelds  “are  not  yet  capable 
of  delivering  sufficient  return 
on  investment,”  he  said. 

Making  the  Effort 

However,  some  experienced 
users  disputed  Kurt’s  take  on 
ROI  and  said  that  if  imple¬ 
mented  the  right  way,  mobile 
devices  can  have  a  quick  and 
continuing  payoff  in  corporate 
settings.  But  doing  it  right  can 
take  some  work,  they  added. 

Andy  Johnson,  general  man¬ 
ager  of  AEX  LLC,  a  Phoenix- 
based  financial  courier  service 


that  operates  in  100  cities  in 
seven  Southwestern  states, 
faulted  handheld  vendors  and 
their  software  partners  for  not 
developing  applications  that 
can  be  easily  adopted  by  vari¬ 
ous  vertical  industries. 

AEX  has  equipped  54  of  its 
couriers  with  ruggedized 
handheld  devices  made  by 
Symbol  Technologies  Inc.  in 
Holtsville,  N.Y.,  as  well  as  in¬ 
truck  Global  Positioning  Sys¬ 
tem  receivers  and  mobile  ap¬ 
plications  developed  by  At 
Road  Inc.  in  Fremont,  Calif. 

Johnson  said  AEX  has  got¬ 
ten  a  signiFicant  return  in 
terms  of  increased  productivi¬ 
ty  from  the  technology.  But  he 
added  that  although  At  Road 
provided  AEX  with  a  tem¬ 
plate,  the  software  needed  to 
be  modified  to  meet  its  needs. 

Tom  Allen,  At  Road’s  chief 
operating  officer,  said  some  IT 


managers  are  reluctant  to  em¬ 
brace  mobile  devices  because 
of  the  cost  and  complexity  of 
hooking  them  into  corporate 
systems.  Moreover,  many 
users  are  simply  confused  by 
all  the  rival  devices  and  oper¬ 
ating  systems  on  the  market, 
he  said. 

Rob  McClellan,  director  of 
supply  chain  management  and 
e-services  at  Taylor  Made  Golf 
Co.  in  Carlsbad,  Calif.,  said 
he’s  in  the  process  of  deploy¬ 
ing  Symbol  handhelds  to  an 
85-person  sales  force.  The  goal 
of  the  rollout  is  to  increase 
productivity  and  improve  in¬ 
ventory  management  at  the 
maker  of  golfing  equipment 
and  apparel. 

McClellan  said  salespeople 
who  already  have  the  hand¬ 
helds  use  their  bar-coding  ca¬ 
pabilities  to  track  inventories 
at  golf  pro  shops  and  equip¬ 
ment  stores.  Automating  that 
process  alone  saves  an  hour 
per  worker  each  day,  he  said. 
And  since  the  sales  force  can 
now  transmit  inventory  data 


electronically  instead  of  faxing 
it,  McClellan  said  he  is  receiv¬ 
ing  information  that  he  needs 
to  forecast  buying  trends  on  a 
more  timely  basis.  ► 


Palm’s  Up 


Dataquest’s  breakdown  of 
2002  handheld  device  ship¬ 
ments,  by  operating  system: 


-  ■  •  .  ■ 

\  3  6.7  million  devices  running 

«  the  Palm  OS  operating  system 


u 

!  51 3.1  million  devices  running 

§  Mict  oscft's  Windows  CE  and 

§  Pocket  PC  software 

< 

jjJ  8E  2.3  million  devices  running 
|  jj  other  opera  ling  systems 
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MARK  HALL  ■  ON  THE  MARK 

IT  Users  Botch 
Security  Again . . . 

. . .  and  again.  The  Slammer  worm  being  the  latest  in  a  long  history  of 
utterly  incompetent  computer  security  procedures  by  IT  systems  man¬ 
agers.  Blame  software  developers,  if  it  makes  you  feel  better.  But  IT 
buyers  are  the  major  problem.  Security  vendors  would  despair  at  the 
consistent  foolishness  of  users  if  they  didn’t  make  so  much  money 
from  fixing  the  problems  —  usually  after  the  fact.  “IT  buyers  have 
tremendous  control  over  the  quality  of  security  in  the  products 


they  buy,  but  they  don’t  use  it,”  argues 
Jerry  Brady,  chief  technology  officer  at 
Guardent  Inc.  in  Waltham,  Mass.  Instead, 
he  says,  all  users  ask  of  software  vendors 
is  that  the  products  be  quick  to  market, 
compatible  with  the  old  stuff  and  cheap. 
Well,  you  get  what  you  pay  for.  Brady’s  com¬ 
pany  offers  consultation  and  managed  se¬ 
curity  services  to  compa¬ 
nies  that,  by  and  large, 
have  already  been  burned 
by  a  costly  security 
breach.  He  says  packaged 
software  is  bad,  but  in- 
house  developers  “are  no 
better  or  smarter  than 
those  at  Microsoft  or  Sun.” 

He  claims  that  little  has 
been  learned  by  program¬ 
mers  over  the  years.  To 
wit:  “I  find  the  same  three 
programming  errors  in  appli¬ 
cations  today  that  cause  90% 
of  the  security  problems 
that  I  found  10  years  ago.” 

For  those  who  need  a  re¬ 
fresher  course,  they  are:  1) 
buffer  overflows,  2)  format 
string  errors,  and  3)  user 
input  validation  failures. 


■  Robert  Handler,  an  analyst  at  Meta 
Group,  thinks  there  has  been  a  “collective 
consciousness  change  since  9/11”  on  design¬ 
ing  security  into  systems  from  the  get-go. 
But  he  doesn’t  see  a  “holistic  way”  for  en¬ 
terprise  IT  architects  to  accomplish  it  to¬ 
day.  Jan  Popkin,  CEO  of  New  York-based 
Popkin  Software  &  Systems  Inc.,  a  com¬ 
pany  that  has  been  selling 
IT  system  architectural 
tools  since  1986,  agrees 
that  9/11  was  a  turning 
point.  The  company  bol¬ 
stered  the  security  fea¬ 
tures  in  its  recently  re¬ 
leased  System  Architect 
V9  and  will  do  even  more 
in  the  next  version  slated 
for  later  this  year.  In  addi¬ 
tion  to  more  tightly  inte¬ 
grating  security  processes 
into  the  next  upgrade, 
Popkin  will  add  support 
for  the  new  Department  of 
Defense  Architectural  Frame¬ 
work  and  integrate  a  wider 
array  of  XML-based  busi¬ 
ness  process  modeling 
languages.  ■  Since  you 
can’t  rearchitect  your  lega¬ 


cy  environment,  you  might  consider 
exerting  a  little  more  control  over  it  by  adding 
security  tools  such  as  STAT  Neutralizer 
from  Harris  Corp.  in  Melbourne,  Fla.  The 
2.0  version  of  STAT  Neutralizer  ships  lat¬ 
er  this  month  with  support  for  Windows 
XP  Service  Pack  1  and  Windows  2000 
Service  Pack  3,  as  well  as  support  for 
HTTP,  e-mail  clients,  instant  messaging 
applications  and  other  services.  The  soft¬ 
ware  doesn’t  detect  intrusions  by  viruses 
or  worms.  Rather,  it  loads  with  the  OS 
kernel  and,  through  specific  rules  that 
come  standard  or  are  added  by  system 
administrators,  prevents  disallowed  behavior 
by  applications.  According  to  Richard 
Ealiari,  director  of  product  strategy  at 
Harris,  security  problems  like  the  Slam¬ 
mer  worm  occur  because  sysadmins  nev¬ 
er  get  around  to  loading  existing  patches 
because  they  have  to  manage  the  down¬ 
time  problem.  Plus,  most  system  man¬ 
agers  don’t  want  to  add  patches  willy-nil¬ 
ly  to  their  computers  without  first  testing 
them  with  existing  applications.  STAT 
Neutralizer  can  “give  users  peace  of 
mind”  until  the  patches  are  tested  and  in¬ 
stalled,  Ealiari  says.  ■  More  than  peace  of 
mind  is  what  you’ll  get  starting  today 
from  Gilian  Technologies  Inc.  The  Red¬ 
wood  City,  Calif.-based  company  will  of¬ 
fer  a  minimum  $25,000  money-back  guaran¬ 
tee  for  Web  applications  and  content  that 
are  protected  by  its  G-Server  security  ap¬ 
pliance.  ■  Apple’s  penchant  for  secrecy 
mitigated  by  its  love  of  self-promotion  merges 
messily  with  its  Web  site  housing  the 
“public  beta”  of  the  rather  old-fashioned 
Xll  Windows  System,  the  Unix  world’s 
graphical  user  interface.  It  will  run  on 
the  Mac  along  with  the  graphically  rich 
OS  X  ( http://developer.apple.com/qa/ 
qa200Vqal232.html ),  making  the  project 
sort  of  a  technological  oxymoron.  Ap¬ 
propriately,  like  the  future  of  Xll  on  the 
Mac,  most  of  the  links  on  the  page  go 
nowhere.  I 


Good  Deals 


J2EE  developers  tomor¬ 
row  can  get  a  free  trial 
copy  of  ObjectAssembler 
2.5  from  ObjectVenture 
Inc.’s  Web  site.  The  new 
release  adds  pattern  and 
strut  support  among  other 
new  goodies.  If  you  like  it, 
you’ll  fork  over  $1,999. 

JMR  Electronics  Inc.  today 
ships  its  new  Fortra  IDE 
storage  systems  for  high- 
performance,  high-capac¬ 
ity  Ultra  SCSI  and  Fibre 
Channel  RAID  systems 
starting  at  $9,950  and 
$10,950,  respectively. 


Cisco  Launches  Network 
Quality-of-Service  Tools 


HP,  Delphi  Expand 
SAP  Services  Deal 


Hewlett-Packard  Co.  said  it  has 
expanded  a  technology  and  IT 
services  deal  under  which  it  runs 
SAP  AG’s  business  applications 
for  Delphi  Corp.,  a  Troy,  Mich.- 
based  supplier  of  automotive 
parts.  Under  a  new  five-year 
agreement,  SAP  systems  for 
Delphi’s  operations  in  North 
America  and  Singapore  will  be 
consolidated  on  HP  servers  and 
managed  from  the  vendor’s 
Toronto  data  center. 


Alcan  Outsources 
Operations  to  CGI 

Alcan  Inc.,  a  Montreal-based 
maker  of  aluminum  and  packag¬ 
ing  materials,  said  it  has  final¬ 
ized  a  10-year  IT  outsourcing 
deal  valued  at  about  $110  million 
(U.S.)  with  CGI  Group  Inc.  CGI, 
also  in  Montreal,  will  take  over 
management  of  Alcan’s  help 
desk  operations,  data  centers 
and  messaging  systems.  The  two 
companies  had  announced  a  ten¬ 
tative  agreement  last  July. 


IBM,  British  Airline 
Agree  on  Pact 

IBM  and  Luton,  England-based 
Britannia  Airways  Ltd.  said 
they’re  developing  a  system  that 
wiil  use  IBM’s  ThinkPad  X24 
notebook  PCs  and  a  wireless 
networ  k  to  electronically  store 
flight  manuals  and  safety  infor¬ 
mation  in  airplane  cockpits.  The 
data  will  be  updated  via  the 
wireless  link.  The  deal  is  worth 
about  $1.6  million,  IBM  said. 

Short  Takes 

European  Union  officials  said 
MICROSOFT  CORP.  has  agreed  to 
make  “substantial  changes”to 
its  .Net  Passport  identity  man¬ 
agement  software  in  order  to 
conform  to  European  data  priva¬ 
cy  laws _ SAP  dropped  the 

dot-com  reference  from  its  appli¬ 
cations  product  line,  which  is 
now  called  mySAP  Business 
Suits. 


BY  MATT  HAMBLEN 

Cisco  Systems  Inc.  last  week 
introduced  automated  quality- 
of-service  functions  for  nine 
of  its  switches  and  routers,  a 
move  aimed  at  helping  users 
create  converged  networks 
that  include  voice-over-IP 
(VOIP)  capabilities. 

Currently,  setting  up  IP  net¬ 
works  with  VOIP  support  of¬ 
ten  requires  IT  managers  to 
do  complex  manual  tuning  of 


each  router  in  a  LAN  or  a 
WAN,  said  Zeus  Kerravala,  an 
analyst  at  The  Yankee  Group 
in  Boston.  The  settings  are  de¬ 
signed  to  look  at  IP  packets 
and  zip  them  on  their  way  if 
they  are  deemed  high  priori¬ 
ties,  such  as  voice  or  video 
traffic.  Because  the  process  is 
so  complex,  only  9%  of  com¬ 
panies  even  turn  on  quality-of- 
service  functions,  Kerravala 
said.  The  result,  he  added,  is 


that  some  functions,  such  as 
VOIP,  might  not  be  adopted  as 
widely  as  they  could  be. 

Cisco  claimed  that  its  Auto- 
QoS  technology  can  help  com¬ 
panies  speed  up  IP  network 
deployments  and  reduce  in¬ 
stallation  costs  by  as  much  as 
two-thirds.  AutoQoS  is  free  to 
users  with  licenses  and  main¬ 
tenance  agreements  for  Cis¬ 
co’s  internetworking  software. 

Glenn  Whalley,  head  of  IP 
network  engineering  at  BT- 
exact  Technologies  in  Adastral 
Park,  England,  is  using  Auto- 
QoS  to  set  up  routers  that  sup¬ 
port  virtual  private  network 


services  offered  by  the  BT 
Group  PLC  unit.  “[Quality  of 
service]  is  complex  to  imple¬ 
ment,  and  anything  automating 
that  is  a  good  thing,”  he  said. 

Nortel  Networks  Ltd.  pro¬ 
vides  technology  similar  to 
AutoQoS  but  hasn’t  widely 
publicized  its  availability,  ac¬ 
cording  to  Kerravala.  Ralph 
Santitoro,  director  of  network 
architecture  at  Nortel,  said  his 
company  has  offered  default 
quality-of-service  settings 
since  1999  on  its  Passport 
8600  Layer  3  core  router,  sev¬ 
eral  other  routers,  a  VOIP 
gateway  and  IP  phones.  I 


THE  STRAIGHT  GOODS  ON  SOFTWARE  INTEGRATION 
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INTEGRATION 

IS  ONCE  AGAIN  A 

POLITICAL  ISSUE 
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The  Software 
Integration  Company. 

We  can  help  you  integrate 
all  the  data  and  business 
applications  in  your 
enterprise  and  extend 
them  to  any  location  in 
the  world.  So  you  can 
improve  efficiency  while 
preserving  your  existing 
infrastructure  investments. 


Our  PATRIOTcompliance 
Solution  can  help  you 
meet  the  stringent  new 
requirements  of  the  USA 
PATRIOT  Act.  It's  secure, 
unobtrusive  and  cost- 
effective. 

And  it's  just  one  of  the 
software  integration 
solutions  available 
today  from  Sybase. 

Leveraging  our  expertise 
in  database  technology 
and  powerful  new 
integration  tools,  Sybase 
can  help  integrate  all 
the  data  and  business 
applications  in  your 
enterprise. 

So  you  can  extract 
the  maximum  value 
not  only  from  your 
current  infrastructure, 
but  also  from  all  the 
information  that 
resides  within  it. 

Visit  www.sybase.com/ 
integrationsolutions. 
And  resolve  your 
integration  issues. 


£  Sybase' 


Information  Anywhere" 


SYBASE  e-BUSINESS  SOFTWARE. 

EVERYTHING  WORKS  BETTER  WHEN  EVERYTHING  WORKS  TOGETHER:1 


®2002  Sybase,  Ine.  All  rights  reserved.  All  trademarks  are  the  property  of  their  respective  owners. 
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I BM,  Hitachi  Try  to  Counter 
EMC’s  Symmetrix  Upgrade 


Storage  vendors  jockey  for  technology 
leadership  in  high-end  disk  arrays 


BY  LUCAS  MEARIAN 

mc  corp.’S  planned 
announcement  today 
of  a  new  line  of  its 
high-end  Symmetrix 
disk  arrays  is  shaking  up  the 
storage  industry,  with  com¬ 
petitors  such  as  IBM 
and  Hitachi  Data  Sys¬ 
tems  Corp.  scram¬ 
bling  to  steal  EMC’s 
thunder  with  technology  up¬ 
grades  of  their  own. 

Details  about  EMC’s  plans 
began  to  emerge  in  January 
[QuickLink  35699],  Industry 
sources  last  week  said  the 


company  is  expected  to  roll 
out  an  all-new  architecture 
boasting  128  direct,  dedicated 
paths  between  the  channel  di¬ 
rectors  and  internal  caches  in 
the  Symmetrix  arrays.  That 
will  increase  system  band¬ 
width  from  1.6GB/sec. 
now  to  64GB/sec.,  four 
times  that  of  Sym- 
metrix’s  closest  com¬ 
petitor,  Hitachi’s  Lightning 
9900V  array,  the  sources  said. 

Santa  Clara,  Calif. -based  - 
Hitachi  last  week  tried  to 
preempt  EMC’s  move  by  an¬ 
nouncing  that  it  has  doubled 


the  storage  capacity  of  the 
Lightning  9900V  to  126TB  in 
a  RAID-5  configuration  by 
adding  new  146GB  drives. 

In  addition,  IBM  today  is 
expected  to  unveil  a  Bluefin- 
compliant  storage  manage¬ 
ment  interface  for  its  Enter¬ 
prise  Storage  Server  Model 
800,  known  informally  as 
Shark.  Bluefin,  a  draft  specifi¬ 
cation  that  the  Storage  Net¬ 
working  Industry  Association 
hopes  to  finalize  by  the  third 
quarter,  is  aimed  at  making  it 
easier  to  manage  multivendor 
storage-area  networks. 

IBM  also  plans  to  announce 
new  disk  drives  that  operate 
50%  faster  than  the  current 
devices  used  in  the  Shark  ar¬ 


rays,  as  well  as  expanded  data- 
copying  and  disaster  recovery 
features  for  mainframes  that 
run  Linux. 

“Both  [IBM  and  Hitachi]  are 
clearly  paying  a  lot  of  atten¬ 
tion  to  EMC’s  announcement. 
They  have  no  choice,”  said 
Tony  Prigmore,  an  analyst  at 
Enterprise  Storage  Group  in 
Milford,  Mass.  “IBM’s  protect¬ 
ing  its  mainframe  position, 
and  Hitachi  is  protecting  its 
capacity  lead.” 

EMC  is  expected  to  an¬ 
nounce  three  new  Symmetrix 
models,  increasing  the  prod¬ 
uct  line’s  top  capacity  from 
70TB  to  more  than  100TB. 

“They  [EMC]  really  believe 
the  architecture  they  have  puts 
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EMC,  Other  Vendors  Team 
On  E-mail  Archiving  System 


Designed  to  help 
financial  firms  meet 
storage  regulations 

BY  LUCAS  MEARIAN 

EMC  Corp.  last  week  said  it’s 
teaming  with  Iron  Mountain 
Inc.  and  a  vendor  of  content¬ 
archiving  software  to  offer 
technology  and  services  aimed 
at  financial  services  firms  that 
are  under  pressure  to  comply 
with  federal  mandates  to  re¬ 
tain  e-mail  messages. 

The  joint  offering  is  built 
around  EMC’s  Centera  disk 
arrays,  which  are  designed  to 
store  fixed  data,  and  Enter¬ 
prise  Vault  for  Microsoft  Ex¬ 
change,  a  message  archiving 
application  developed  by  KVS 
Inc.  in  Arlington,  Texas. 

Boston-based  Iron  Moun¬ 
tain,  which  manages  physical 
and  digital  records  for  corpo¬ 
rate  users,  will  provide  storage 
services  and  can  host  the  Cen¬ 
tera  arrays  for  banks  and  bro¬ 
kerages  that  don’t  want  to  in¬ 
stall  the  devices  in-house. 


John  McKinley,  chief  tech¬ 
nology  officer  at  Merrill  Lynch 
&  Co.  in  New  York,  said  the 
regulatory  requirements  for 
storing  e-mail  and  being  able 
to  quickly  retrieve  messages 
has  created  an  environment  in 
which  managed  archiving  ser¬ 
vices  could  be  useful. 

“I  think  cost  is  certainly  an 
important  factor,”  said  McKin¬ 
ley,  who  plans  to  leave  Merrill 
Lynch  at  the  end  of  this 
month.  Large  fi¬ 
nancial  services 
firms  might  be 
able  to  afford  to 
install  and  manage 
the  necessary 
technology  inter¬ 
nally,  McKinley 
said.  “But  there  are  a  lot  of  or¬ 
ganizations  where  putting  the 
type  of  infrastructure  in  place 
to  address  all  the  compliance 
requirements  may  not  make 
sense,”  he  added. 

The  vendors  declined  to  dis¬ 
close  pricing  for  the  combined 
offering.  However,  a  5TB  Cen¬ 
tera  array  has  a  list  price  of 


$205,000,  KVS’s  software  costs 
about  $250,000  for  a  10,000- 
mailbox  license,  and  Iron 
Mountain  charges  $30,000  to 
$40,000  for  basic  auditing  and 
storage  services  over  an  initial 
18-month  period. 

Using  a  Web  portal,  Iron 
Mountain  will  also  be  able  to 
access  e-mail  traffic  and  other 
regulated  data  for  the  govern¬ 
ment  if  a  company  is  audited 
or  a  disaster  occurs,  said  Roy 
Sanford,  vice  president  of  con- 
tent-addressed  storage  at  Hop- 
kinton,  Mass.-based  EMC. 

The  idea  of  hosted  storage 
isn’t  unusual,  and  most  of  the 
top  storage-man¬ 
agement  software 
vendors  offer 
e-mail  archiving 
and  search  tools. 
But  Peter  Gerr, 
an  analyst  at  En¬ 
terprise  Storage 
Group  in  Milford,  Mass.,  said 
the  bundled  technology  and 
services  being  offered  by 
EMC,  Iron  Mountain  and  KVS 
are  unique. 

Their  package  may  not  nec¬ 
essarily  be  less  expensive  than 
piecing  together  an  e-mail  ar¬ 
chiving  system  would  be,  Gerr 
said.  But,  he  noted,  “there’s  a 


Archiving 

Allies 


The  three  vendors  will  provide 
the  following  e-mail  retention 
capabilities: 

EMC’S  CENTERA  array  will  store 
messages  on  ATA  disk  drives, 
giving  each  item  a  unique  27- 
character  identifier  to  guarantee 
the  data’s  authenticity. 

KVS’S  SOFTWARE  will  handle 
mailbox  management,  regulatory 
compliance  and  complex  con¬ 
tent-search  functions. 


IRON  MOUNTAIN  will  manage 
long-term  archiving  and  indexing 
of  messages  at  customer  sites  or 
in  its  own  data  centers. 


lot  of  value  in  the  fact  that  it’s 
an  integrated  and  pretested 
solution.” 

The  KVS  software  also  of¬ 
fers  greater  granularity  than 
storage  management  applica¬ 
tions  do,  in  its  ability  to  search 
out  specific  e-mails,  Gerr  said. 
“That’s  the  nature  of  these 
SEC  inquiries:  ‘Give  us  every 
piece  of  correspondence  over 
the  past  year  with  these  seven 
terms,’  ”  he  noted.  ► 


STORAGE  DOWNLOAD 

For  more  coverage  of  data 
storage  technology,  head  to 
our  Storage  Knowledge  Center: 

O  QuickLink  k1700 
www.computerworld.com 


KEY  DETAILS 

Rival  Rollouts 

will  announce  three  new 
Symmetrix  models,  increasing 
maximum  disk  capacity  to 
more  than  100TB  and  internal 
bandwidth  to  64GB/sec. 

plans  to  add  faster  disk 
drives,  a  Bluefin-compatible 
management  interface  and  ex¬ 
panded  Linux  storage  features 
to  its  Shark  arrays. 

is  doubling  the  capac¬ 
ity  of  its  Lightning  9900V  ar¬ 
rays  to  126TB  in  RAID-5  con¬ 
figurations  and  boosting  the 
number  of  1/0  connections  that 
the  devices  support. 


them  at  a  tremendous  perfor¬ 
mance  advantage,”  Prigmore 
said.  “That  means  when  I 
get  an  unexpected  workload, 
now  I  can  manage  through  it 
without  compromising  the 
performance  of  any  given 
application.” 

Toni  Sacconaghi,  an  analyst 
at  Sanford  C.  Bernstein  &  Co. 
in  New  York,  said  in  a  research 
note  that  EMC’s  ability  to  boost 
Symmetrix  sales  and  regain 
lost  high-end  market  share  de¬ 
pends  “in  part  on  how  it  choos¬ 
es  to  price  its  software  and  how 
competitors  such  as  [Hitachi] 
respond  in  hardware  pricing.” 

Sacconaghi  said  he  doesn’t 
expect  a  full  refresh  of  the 
Lightning  product  line  until 
next  year.  But  Hitachi  will 
likely  announce  several  capac¬ 
ity  and  bandwidth  upgrades 
this  year,  he  added. 

Likewise,  Brian  Truskowski, 
general  manager  of  storage 
software  at  IBM,  said  the 
planned  addition  of  a  Bluefin- 
based  programming  interface 
“is  only  the  beginning  of  what 
will  be  a  series  of  product  an¬ 
nouncements  . . .  around  the 
issue  of  interoperability.”  I 


Correction 

Our  story  about  Foote  Partners' 
predictions  on  outsourcing 
trends  on  page  12  of  last  week's 
issue  characterized  the  data  as 
part  of  a  “new  report."  In  fact,  the 
research  is  still  ongoing,  and  the 
data  was  only  preliminary. 
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Homeland  Security  Dept. 
Faces  Leadership  Void 


Private-sector  IT 
waits  to  see  who, 
what  emerges 

BY  DAN  VERTON 

IN  one  of  his  first  moves 
as  secretary  of  Homeland 
Security,  Tom  Ridge  last 
week  appointed  former 
J.R  Morgan  Chase  Bank  execu¬ 
tive  Alfonso  Martinez-Fonts  Jr. 
to  serve  as  special  assistant  to 
the  secretary  for  the  private 
sector. 

But  much  work  remains  to 
fill  key  leadership  positions  at 
the  newly  formed  U.S.  Depart¬ 
ment  of  Homeland  Security 
and  avoid  losing  the  momen¬ 
tum  in  the  public/private  part¬ 
nership  on  cybersecurity  and 
critical-infrastructure  protec¬ 
tion,  Bush  administration  and 
private-sector  officials  said. 

“I  worry  that  if  the  transi- 


Changing  of  the 
Security  Guard 


Who’s  Out? 

RICHARD  CLARKE,  chairman 
of  the  President’s  Critical  In¬ 
frastructure  Protection  Board 

JOHN  TRITAK,  director  of 
the  Critical  Infrastructure 
Assurance  Office  (CIAO) 

RON  DICK,  director  of  the  FBI’s 
National  Infrastructure  Protec¬ 
tion  Center  (NIPC) 

JAMES  CLAPPER,  no  longer 
in  the  running  to  take  over 
the  Department  of  Homeland 
Security’s  Information  Assur¬ 
ance  Division 

Who’s  In? 

ALFONSO  MARTINEZ-FONTS 
JR.,  special  assistant  to  the 
secretary  for  the  private  sector 

HOWARD  SCHMIDT,  likely  suc¬ 
cessor  to  Richard  Clarke 


‘1ANCV  WON6,  acting 
director  of  the  CiAO 


ADM.  JAMES  PLEHAL, 
T-bng  director  of  the  NIPC 


tion  period  drags  on,  we’ll  lose 
much  of  the  gains  made  in 
establishing  a  trusted  relation¬ 
ship  with  the  leaders  of  criti¬ 
cal  infrastructure,”  said  Roger 
Cressey,  former  chief  of  staff 
of  the  President’s  Critical  In¬ 
frastructure  Protection  Board. 
“It  is  imperative  that  the  new 
department  sends  a  clear  sig¬ 
nal  to  the  private  sector  on 
who  the  key  contacts  are  and, 
most  important,  that  they  are 
empowered  to  speak  on  behalf 
of  the  secretary.” 

The  sense  of  urgency  comes 
as  several  high-level  officials 

—  who  have  led  the  govern¬ 
ment’s  efforts  during  the  past 
several  years  to  build  a  part¬ 
nership  with  the  private  sector 

—  have  either  left  or  plan  to 
leave  government  service. 

Richard  Clarke,  whose  ca¬ 
reer  as  the  nation’s  first  anti¬ 
terrorism  coordinator  and 
cybersecurity  czar  spanned 
three  administrations,  plans  to 
retire  this  month,  Computer- 
world  has  confirmed.  Clarke 
was  instrumental  in  building 
the  current  partnership  with 
the  private  sector  and  in  draft¬ 
ing  the  national  strategy  for 
the  defense  of  cyberspace, 
which  has  been  signed  by  the 
president  and  will  be  released 
in  final  form  this  month. 

Likewise,  John  Tritak,  long¬ 
time  director  of  the  Critical 
Infrastructure  Assurance  Of¬ 
fice  (CIAO)  at  the  U.S.  De¬ 
partment  of  Commerce  and 
another  key  player  in  the  gov¬ 
ernment’s  private-sector  out¬ 
reach  effort,  has  also  made  a 
final  decision  to  leave  public 
service,  according  to  sources 
close  to  him. 

Add  two  more  names  to  that 
list.  Ron  Dick,  director  of  the 
FBI’s  National  Infrastructure 
Protection  Center  (NIPC) 
since  March  2001,  left  the 
agency  in  December  for  a 
position  at  El  Segundo,  Calif.- 
based  Computer  Sciences 
Corp. 

And  James  Clapper,  director 
of  the  National  Imagery  and 


Mapping  Agency  and  a  former 
director  of  the  Defense  Intelli¬ 
gence  Agency,  has  backed 
away  from  an  offer  to  lead  the 
new  department’s  Information 
Assurance  Division,  sources 
close  to  the  deliberations  con¬ 
firmed. 

IT  professionals’  reactions 
to  the  changes  were  mixed. 

John  Ervin,  a  systems  ad¬ 
ministrator  at  Tessy  Plastics 
LLC  in  Lynchburg,  Va.,  is  more 
concerned  about  who’s  in  the 
trenches.  The  government 


needs  to  focus  more  on 
staffing  frontline  technolo¬ 
gists  to  work  with  the  private 
sector  on  stopping  cyber¬ 
attacks,  he  said. 

But  the  departure  of  all  of 
these  “trusted  interlocutors,” 
as  one  private-sector  official 
who  spoke  on  condition  of 
anonymity  characterized 
them,  means  that  the  govern¬ 
ment  is  losing  a  lot  of  “institu¬ 
tional  memory”  at  a  time  of 
great  turmoil  and  uncertainty. 

David  Wray,  a  spokesman 
for  the  NIPC’s  transition 
office  at  the  Department  of 
Homeland  Security,  said  all 
such  fears  of  losing  momen¬ 
tum  in  reaching  out  to  the 
private  sector  are  unfounded. 

“We’re  bringing  it  all  togeth- 


I  worry  that  if 
the  transition 
period  drags  onf 
well  lose  much  of 
the  gains  made  in 
establishing  a  trust* 
ed  relationship  with 
the  leaders  of  criti¬ 
cal  infrastruture. 

ROGER  CRESSEY,  FORMER  CHIEF 
OF  STAFF,  PRESIDENT'S  CRITICAL  IN¬ 
FRASTRUCTURE  PROTECTION  BOARD 

er  under  one  roof,  and  we’ll 
actually  have  resources  and 
funding  that  will  put  us  in  a 
better  position,”  Wray  said.  I 


J.D.  Edwards  Upgrades  CRM 
Tools,  Adds  Ties  to  Back  Office 


BY  MARC  L.  SONGINI 

J.D.  Edwards  &  Co.  last  week 
took  the  next  step  in  binding 
its  back-office  software  with 
the  customer  relationship 
management  (CRM)  applica¬ 
tions  that  the  company  bought 
through  its  acquisition  of  You- 
Centric  Inc.  in  late  2001. 

Denver-based 
J.D.  Edwards  an¬ 
nounced  Version 
2.0  of  its  CRM  suite,  saying  the 
upgrade  includes  175  enhance¬ 
ments  and  expanded  integra¬ 
tion  with  its  supply  chain  man¬ 
agement  and  enterprise  re¬ 
source  planning  applications. 

Robbie  Herzig,  senior  mar¬ 
keting  manager  for  CRM  at 
J.D.  Edwards,  said  the  compa¬ 
ny’s  main  objective  for  the 
new  release  “is  to  continue  to 
build  on  the  visibility  the  cus¬ 
tomers  are  asking  for  from  the 
front  office  to  the  back  office.” 

For  example,  J.D.  Edwards 
has  connected  its  contact  cen¬ 
ter  application  to  its  field  ser¬ 
vice  software,  letting  mobile 
customer-service  workers 
look  at  account  histories,  war¬ 
ranty  data  and  other  informa¬ 
tion,  Herzig  said. 

There  is  also  now  a  tie-in 
between  the  company’s  sales 
force  automation  applications 


APPLICATIONS 


and  supply  chain  software. 
That  feature  will  give  demand 
planners  access  to  real-time 
data  feeds  from  salespeople  in 
addition  to  historical  sales  in¬ 
formation,  she  said. 

The  supply  chain  and  CRM 
integration  appeals  to  Brian 
Capone,  director  of  marketing 
at  Hutton  Commu¬ 
nications  Inc.,  a 
Dallas-based  dis¬ 
tributor  of  wireless  communi¬ 
cations  products.  He  said  Hut¬ 
ton’s  sales  force  now  relies  on 
two  systems  —  contact  man¬ 
agement  software  from  Best 
Software  Inc.  in  Reston,  Va., 
and  J.D.  Edwards’  One  World 
XE  applications  —  to  check 
inventory  and  do 
other  supply  chain- 
related  functions. 

But  Hutton  plans 
to  replace  Best’s 
technology  with 
J.D.  Edwards’  new 
CRM  software  within  the  next 
four  months,  Capone  said. 

The  combination  of  the 
CRM  and  One  World  XE  ap¬ 
plications  should  give  Hut¬ 
ton’s  50  mobile  and  in-house 
sales  staffers  an  integrated  set 
of  software  for  doing  things 
such  as  generating  price 
quotes  and  checking  product 


stock  levels,  Capone  noted. 

J.D.  Edwards  is  also  embed¬ 
ding  multichannel  customer- 
contact  capabilities  in  the 
CRM  upgrade  and  adding  an 
option  that  lets  mobile  work¬ 
ers  run  sales  applications 
when  they’re  off-line  and  then 
synchronize  the  data  with 
back-office  systems  when  they 
reconnect  to  their  corporate 
networks,  Herzig  said. 

At  its  Focus  2002  user  con¬ 
ference  last  June,  J.D.  Edwards 
promised  increased  ties  be¬ 
tween  its  back-office  applica¬ 
tions  and  the  CRM  tools  de¬ 
veloped  by  Charlotte,  N.C.- 
based  YouCentric  [QuickLink 
30542J.  J.D.  Edwards  bought 

-  YouCentric  15 

months  ago  after 
previously  re¬ 
selling  Siebel 
Systems  Inc.’s 
CRM  software. 

John  Moore, 
an  analyst  at  ARC  Advisory 
Group  Inc.  in  Dedham,  Mass., 
said  J.D.  Edwards  doesn’t  offer 
as  full  a  set  of  CRM  function¬ 
ality  as  Siebel  and  other  ven¬ 
dors  do. 

But  for  most  of  the  midsize 
users  that  J.D.  Edwards  targets, 
the  CRM  software  “fits  per¬ 
fectly,”  he  said.  ► 


CUSTOMER-CENTRIC 

For  more  CRM  resources,  head 
to  our  Knowledge  Center: 

O  QuickLink  k1300 
www.computerworld.com 
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Looking  Deeper, 
Staying  Safer 

An  intelligent  infrastructure  provides 

integrated  network  security,  keeping 
your  business  applications  more  secure. 

When  you  run  your  business  applications  over  an  intelligent  network  infrastructure, 
you’re  protecting  much  more  than  data.  You’re  protecting  the  value  of  your  IT 
investments.  You’re  protecting  the  privacy  and  productivity  of  employees,  partners,  and 
customers  alike.  You’re  improving  the  reliability  and  availability  of  your  applications. 
Ultimately,  you’re  protecting  your  company’s  reputation — and  its  bottom  line. 

That’s  why  Cisco  Systems  integrates  security  features  into  every  part  of  the  network, 
starting  with  the  intelligent  switches  and  routers  that  provide  the  foundation  for 
today’s  business  applications.  As  a  result,  you  can  implement  whatever  level  of 
protection  you  need,  wherever  you  need  it,  even  as  you  implement  new  solutions 
and  extend  access  to  new  users. 


Integrated  security  offers 
multiple  layers  of  defense 


Cisco  intelligent  switches  and  routers  offer  an  array  of 
embedded  security  features,  enabling  you  to  implement 
the  level  of  security  you  need  today  and  to  safely  deploy 
IP  telephony,  wireless  mobility,  and  other  solutions  in 
the  future.  Integrated  features  include: 


Identity-based  network  services:  Using  the  802.1x 
authentication  protocol,  the  network  grants  privileges 
based  on  personal  logon  info,  rather  than  the  device 
being  used. 


Access  control  lists:  Users  are  restricted  to  designated 
areas  of  the  network,  blocking  unauthorized  access 
to  all  other  applications  and  information. 


Encryption:  IPSec  Virtual  Private  Networks  provide 
secure  tunnels  across  public  networks,  establishing 
secure  connections  for  remote  sites  and  mobile  users. 


Virtual  LANs:  Traffic  on  the  LAN  can  be  isolated  based 
on  users  and  applications  or  business  requirements, 
shielding  data  from  prying  eyes. 


An  intelligent  network  infrastructure  looks  deeper  into  streams  of  data  to  identify 
unauthorized  or  malicious  users,  allowing  only  appropriate  users  access  to  the  systems 
and  information  they  need.  And  because  Cisco  switches  and  routers  come  equipped 
with  embedded  firewalls,  intrusion  detection  systems,  user-authentication  services, 
content  filtering,  virtual  private  network  services,  IP  security,  and  other  safeguards, 
you  can  create  multiple  layers  of  defense  without  compromising  performance  or 
complicating  management. 

By  the  same  token,  you’ll  find  an  array  of  security  features  integrated  into  Cisco  PIX® 
Firewalls,  VPN  Concentrators,  IDS  appliances,  IP  phones,  wireless  LAN  equipment, 
content  delivery  appliances,  and  virtually  every  other  network  device  Cisco  builds,  as 
well  as  the  Cisco  IOS®  Software  that  binds  them  all  together. 

Of  course,  there’s  always  a  chance  you  won’t  need  to  take  all  of  these  precautions.  But 
as  the  world  leader  in  creating  secure  networks,  Cisco  believes  you  should  never  have 
to  rely  on  chance  alone. 


Learn  how  Cisco  routers,  switches,  and  security  appliances  can  help  you  secure 
your  network  and  deliver  a  greater  return  on  your  investments  in  technology. 

www.nwfusion.com/cisco/security 
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Rate  limiting:  Network  managers  can  set  bandwidth 
thresholds,  helping  to  prevent  the  deliberate  or 
accidental  flooding  of  the  network. 

Intrusion  protection:  The  network  continually  scans 
for  signs  of  hackers,  taking  immediate  steps  to  stop 
them  before  damage  is  done. 

Content  filtering:  Users  are  prevented  from  accessing 
objectionable  Web  content,  minimizing  legal  exposure 
and  reducing  unnecessary  WAN  traffic. 

SSL  optimization:  Exploding  volumes  of  SSL  traffic  can 
be  offloaded  from  servers,  cost-effectively  scaling 
application  performance  and  reliability  for  network 
users,  while  simplifying  certificate  management. 


Cisco  Systems 


NEWS 


www.computerworld.com 


14  COMPUTERWORIB  February  3, 2003 


Siebei,  IBM  Plan 
To  Link  Software 

Siebei  Systems  Inc.  and  IBM 
said  they  plan  to  work  together 
to  integrate  Siebel’s  customer 
relationship  management  (CRM) 
software  with  IBM’s  WebSphere 
middleware  products.  Siebel’s 
application  server  technology 
will  be  used  to  support  only 
CRM-specific  functions  in  the 
future,  the  companies  said. 


SAP  Adds  Tool  for 
Homeland  Security 
Functions . . . 

SAP  AG  announced  an  applica¬ 
tion  that’s  designed  to  support 
homeland  security  functions, 
including  border  management, 
emergency  planning  and  infor¬ 
mation  analysis.  The  company 
said  the  Security  Resource  Man¬ 
agement  software  uses  its  new 
NetWeaver  application  integra¬ 
tion  technology  and  includes 
e-government  tools. 


. . .  And  Reports  Q4 
Increase  in  Profits 

SAP  also  reported  its  fourth- 
quarter  financial  results,  which 
showed  a  49%  year-over-year 
increase  in  profits  despite  a 
small  revenue  dip.  Net  income 
totaled  S510  million  at  current 
euro-to-dollar  conversion  rates, 
up  from  S343  million  in  the 
fourth  quarter  of  2001.  Revenue 
fell  2%  to  S2.45  billion,  but  SAP 
said  it  expects  “modest”  sales 
growth  this  year. 

Short  Takes 

SYBASE  INC.  in  Dublin,  Calif., 
reported  a  S9.8  million  fourth- 
quarter  loss  as  revenue  fell  11% 
year  over  year  to  S210.6  million. 

. . .  The  U.S.  Supreme  Court 
ruied  that  NEXTWAVE  TELECOM 
iM”.  can  keep  63  wireless  spec¬ 
trum  licenses  that  the  govern¬ 
ment  tried  to  take  back  after  the 
Greenwich.  Conn. -based  com- 
sny  sought  bankruptcy  protec¬ 
tion  in  1998. 


« 
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Slammer 

hold  some  responsibility  for 
their  negligence,”  said  Mike 
Tindor,  vice  president  of  net¬ 
work  operations  at  First  USA 
Inc.,  an  Internet  service  pro¬ 
vider  in  St.  Clairsville,  Ohio. 

Several  of  the  network  per¬ 
formance  problems  First  USA 
suffered  because  of  Slammer 
resulted  from  three  unpatched 
systems  that  it  was  co-locating 
for  customers.  “Obviously, 

[the  problems]  could  have 
been  avoided  if  our  customers 
had  performed  the  proper  se¬ 
curity  updates,”  Tindor  said. 

Yet  despite  the  need,  few 
companies  have  the  resources 
it  takes  to  keep  current  on  all 
the  recommended  patches  and 
security  advisories  that  inun¬ 
date  them  almost  daily,  users 
and  analysts  said. 

“Systems  administrators 
spend  a  lot  of  their  time  ad¬ 
dressing  day-to-day  problems, 
so  routine  things  such  as  up¬ 
dates  get  pushed  into  the  back¬ 
ground  ”  said  Jesse  Fussell, 
president  of  Information  Secu¬ 
rity  Systems  Inc.,  an  Edgewa- 
ter,  Md.-based  consultancy. 

Patch  Problems 

Software  patches  themselves 
are  often  unwieldy  and  diffi¬ 
cult  to  apply  and  sometimes 
can  break  the  systems  they  are 
intended  to  fix. 

For  instance,  the  patch  that 
Microsoft  had  made  available 
for  the  hole  Slammer  exploit¬ 
ed  involved  in  some  cases  a 
“brutally  slow  and  manual 
process,”  said  Chip  Andrews, 
owner  of  SQLSecurity.com, 
a  site  dedicated  to  securing 
SQL  servers. 

As  a  result,  at  least  “some 
administrators  put  off  the 
patch  because  of  the  sheer 
time  it  would  take  to  patch  a 
production  machine,”  said  Ben 
Koshy,  technical  manager  at 
W3  International  Media  Ltd.,  a 
hosting  company  in  Vancou¬ 
ver,  British  Columbia. 

Pat  Hymes,  vice  president 
of  corporate  information  secu¬ 
rity  at  Wachovia  Corp.  in 
Charlotte,  N.C.,  said  maintain¬ 
ing  patches  can  be  a  challenge 
for  any  organization. 


“It  can  take  a  great  deal  of 
time  and  energy  to  download, 
test  and  implement  service 
packs  and  hot  fixes,  especially 
in  large  organizations  where 
they  can  impact  hundreds  of 
applications  and  thousands  of 
servers,”  Hymes  said.  “The 
total  cost  of  ownership  for 
servers  running 
some  of  these  dis¬ 
tributed  [operat¬ 
ing  systems],  data¬ 
bases  and  Web 
software  is  going 
through  the  roof 
due  to  the  man¬ 
power  being  ex¬ 
pended  to  main¬ 
tain  patches  and 
respond  to  events 
like  the  SQL  Slammer  worm.” 

Claude  Bailey,  an  IT  secu¬ 
rity  analyst  at  one  of  the  na¬ 
tion’s  largest  financial  man¬ 
agement  firms,  said  the  prob¬ 
lem  lies  not  in  detecting  the 
vulnerability  but  in  deploying 
the  patches  and  fixes  across 
an  organization  of  50,000 
employees  and  guaranteeing 
that  the  patch  won’t  cause 
more  problems. 

“We  tested  the  original 
patch  [for  the  SQL  vulnerabil¬ 
ity],  and  it  had  problems,”  said 
Bailey.  And  now,  in  the  middle 
of  tax  season,  there’s  too  much 
to  lose  in  deploying  patches 
that  break  other  parts  of  the 
network,  he  said.  As  a  result, 
the  financial  firm  has  placed 


Not  only  could  companies  have 
slammed  the  door  on  the  Slam¬ 
mer  worm  if  they  had  installed 
the  Microsoft  patch,  but  they 
also  could  have  prevented  it  by 
using  a  free  benchmarking  tool 
developed  jointly  by  the  govern¬ 
ment  and  the  private  sector. 

The  Consensus  Minimum 
Security  Benchmarks,  also 
known  as  the  Gold  Standard, 
were  made  available  to  the  pub¬ 
lic  last  July.  Developed  by  five 
federal  agencies  in  collaboration 
with  the  SANS  Institute  and 
the  Center  for  Internet  Security 
(CIS),  the  Gold  Standard  bench¬ 
mark  is  used  to  test  Windows 
2000  Professional  systems 


a  freeze  on  any  such  mainte¬ 
nance  until  tax  season  is  over. 

The  patching  issue  becomes 
even  harder  when  dealing 
with  patches  that  touch  core 
systems  like  a  database  server, 
said  Eric  Block,  information 
security  officer  at  Dallas- 
based  Mary  Kay  Inc. 

“Database  ad¬ 
ministrators  can 
get  very  nervous 
when  you  tell 
them  that  a  secu¬ 
rity  patch  could 
break  their  serv¬ 
er,”  said  Brock. 
As  a  result,  de¬ 
cisions  about 
patches  some¬ 
times  can  be¬ 
come  a  “risk-rewards  judge¬ 
ment  call,”  he  said. 

Microsoft’s  Woes 

Even  Microsoft  itself  wasn’t 
above  such  oversight  last 
week,  with  several  unpatched 
systems  becoming  infected 
by  Slammer. 

“We  struggle  with  the  same 
issues  as  the  rest  of  the  indus¬ 
try,”  said  Rick  Miller,  a  Micro¬ 
soft  spokesman.  “Some  don’t 
patch  for  time  management 
reasons,  some  out  of  over¬ 
sight.  At  the  end  of  the  day,  it 
should  have  been  patched.” 

Vendors  have  contributed 
to  the  problem  by  failing  to 
provide  enterprise-class 
patching  and  updating  proc- 


for  proper  configuration  [Quick- 
Link  33500], 

Alan  Paller,  director  of  re¬ 
search  at  the  SANS  Institute 
in  Bethesda,  Md.,  said  a  National 
Security  Agency  study  of  the 
benchmark  concluded  that  by 
running  it  on  a  network,  a  com¬ 
pany  could  eliminate  more  than 
90%  of  known  vulnerabilities. 
The  database-specific  vulnera¬ 
bilities  exploited  by  the  Slammer 
worm  would  have  been  among 
them,  he  said. 

Pat  Hymes,  vice  president  of 
corporate  information  security 
at  Wachovia,  a  CIS  member 
company,  said  the  Gold  Stan¬ 
dard  benchmark  serves  as  an 


esses,  said  Paul  Schmehl, 
adjunct  information  security 
officer  at  the  University  of 
Texas  in  Dallas.  The  univer¬ 
sity  lost  Internet  connectivity 
for  about  13  hours  because 
of  Slammer,  according  to 
Schmehl. 

“Most  vendors  are  still  writ¬ 
ing  software  for  individual 
boxes  instead  of  thinking 
about  scaling  processes  to 
make  them  usable,”  he  said. 

It  is  in  response  to  such 
concerns  that  Microsoft  is 
revamping  its  processes  for 
developing  and  distributing 
patches,  Miller  said. 

For  instance,  the  company 
has  begun  to  make  available 
easy-to-use  installers  for  auto¬ 
mating  much  of  the  patching 
process,  Miller  said.  Microsoft 
is  also  working  on  tools  that 
help  companies  scan  their 
networks  and  identify  vulner¬ 
able  systems  more  efficiently, 
he  added. 

“We  recognize  that  we  need 
to  do  a  much  better  job  devel¬ 
oping  and  delivering  patches,” 
Miller  said.  “We  are  working 
on  it.”  » 


Computerworld ’s  Dan  Verton 
contributed  to  this  story. 


MANAGE  THOSE  PATCHES! 

New  tools  help,  but  there's  still  no  easy  way 
to  identify  new  patches  and  prioritize  installs: 

QuickLink  30912 
www.computerworld.com 


“excellent  baseline"  for  security 
testing.  And  because  it’s  avail¬ 
able  for  free,  Hymes  added, 
“there’s  no  reason  not  to  use  it.” 

But  awareness  continues  to 
be  a  challenge,  said  Clint  Kreit- 
ner,  president  of  CIS,  a  Hershey, 
Pa.-based  nonprofit  security 
standards  consortium  of  more 
than  170  companies. 

For  example,  Maurice  Rieffel, 
an  IT  security  analyst  at  a  major 
energy  company  in  Louisiana, 
said  he  was  aware  of  the  bench¬ 
mark  but  hadn’t  realized  that  it 
tested  for  the  SQL  database  vul¬ 
nerability  exploited  by  the  Slam¬ 
mer  worm. 

-  Dan  Verton 


We  strug¬ 
gle  with 
the  same  issues 
as  the  rest  of 
the  industry. 


RICK  MILLER, SPOKESMAN, 
MICROSOFT  CORP. 


Free  Benchmarking  Tool  Could  Have  Detected  SQL  Hole 


Now  you  can  know 
what,  when,  where 
and  how  data  change 
has  occurred. 


Tripwire®  assures  the  integrity  of  your  data 
and  gives  you  the  ability  to  effectively  pinpoint 
and  manage  undesired  change  across  all  your 
servers  and  network  devices.  By  establishing 
a  baseline  of  data  in  its  known  good  state, 
Tripwire  software  monitors  and  reports  any 
changes  to  that  baseline  and  enables  rapid 
discovery  and  recovery  when  an  undesired 
change  occurs. 

Maximize  System  Uptime 

9  Identify  change  quickly 
9  Enable  quick  restoration  to  a  desired  state 
■  Eliminate  risk  and  uncertainty 

Failsafe  Foundation  for  Data  Security 

9  Ensure  the  integrity  of  your  data 
B  Enable  detailed  audit  reporting 
9  Granular  visibility  and  control 

Lower  Costs  and  Frustration 

9  Greatly  reduces  the  time  it  takes  to 
find  and  diagnose  problems 


Tripwire’s  data  integrity  assurance  solutions 
are  the  only  way  to  have  100%  confidence 
that  your  systems  remain  uncompromised. 

In  the  event  of  a  change  in  state,  you’ll  know 
exactly  what,  when,  where  and  how  change 
has  occurred  so  you  can  recover  quickly. 

For  a  FREE  30-day  fully-functional  demo 
and  copy  of  the  white  paper  “Data  Integrity 
Assurance  in  a  Layered  Security  Strategy...”, 

call  toll-free:  1 -800-TRIPWIRE  (874.7947) 
or  visit  http://enterprise.tripwire.com  today! 


THE  DATA  INTEGRITY  ASSURANCE  COMPANY 
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Cartridges _ 

reproduce  a  cartridge  chip’s 
functionality. 

And  now,  a  company  that 
has  so  far  overcome  the  tech¬ 
nological  challenges  posed  by 
the  printer  makers  is 
being  sued  by  Lex¬ 
mark  International 
Inc.  Lexmark  alleges 
that  Static  Control 
Components  Inc. 

(SCC)  in  Sanford, 

N.C.,  is  illegally  copy¬ 
ing  its  printer  com¬ 
puter  chip  technology. 

The  two  sides  will 
face  off  in  a  federal 
court  hearing  Friday 
in  Lexington,  Ky.,  the  home 
of  Lexmark.  It’s  a  case  that 
the  remanufacturing  indus¬ 
try,  also  called  the  aftermar¬ 


ket,  sees  as  key  to  its  fate. 

“This  lawsuit  is  an  industry 
killer,”  said  Tricia  Judge,  execu¬ 
tive  director  of  the  Internation¬ 
al  Imaging  Technology  Council 
in  Freehold,  N.J.  If  remanufac¬ 
turers  are  blocked  from  repro¬ 
ducing  computer  chips,  Judge 
said,  they  won’t  be  able  to  offer 
_  low-cost  alterna- 
v  ’  tives.  “We  have  to 
win,”  she  said. 

Remanufacturers 
have  about  25%  of 
the  toner  cartridge 
market,  according  to 
industry  estimates. 

Eby-Brown  Co.,  a 
$3  billion  wholesale 
distributor  of  conve¬ 
nience  store  goods, 
is  a  large  user  of  re¬ 
manufactured  cartridges.  The 
Naperville,  Ill.-based  company 
saves  20%  to  50%  buying  re¬ 
manufactured  cartridges,  said 


Brian  Freeman,  network  ser¬ 
vices  manager  at  the  company. 

Eby-Brown  has  standard¬ 
ized  on  a  limited  model  line  of 
Hewlett-Packard  Co.  printers, 
so  it’s  practical  to  keep  an  in¬ 
ventory  of  printer  parts  for  in- 
house  repairs,  said  Freeman. 
“Most  companies  are  like  me 
—  we  are  extremely  tied  to 
our  printer  vendor,”  he  said. 

But  this  printer  standardiza¬ 
tion  also  means  the  remanu¬ 
factured  toner  cartridges  are 
the  only  source  of  competition 
with  those  made  by  the  print¬ 
er  maker.  “Anytime  there  is  no 
competition,  the  quality  de¬ 
clines  and  the  price  increas¬ 
es,”  said  Freeman. 

The  Lexmark  lawsuit,  filed 
Dec.  30,  affects  only  two  of 
SCC’s  70  printer  parts  lines. 
SCC  has  stopped  producing 
the  chips  for  those  cartridges, 
pending  the  outcome  of  this 


U.S.  Toner  Cartridge  Market 
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week’s  hearing.  But  SCC  CEO 
Edwin  Swartz  said  he  worries 
other  original  equipment  man¬ 
ufacturers  (OEM)  will  follow 
Lexmark  if  it  succeeds  in  court. 

“The  OEM  is  not  the  friend 
of  the  aftermarket,”  said 
Swartz.  “Every  cartridge  that 
is  remanufactured  is  one  that 
the  OEM  doesn’t  get  to  sell.” 

Lexmark  officials  told  Com- 
puterworld  that  the  company 
offers  users  the  option  of  buy¬ 
ing  cartridges  without  an  up¬ 
front  discount  or  “prebate”  if 


CA  Ships  CleverPath  Portal  Upgrade, 
Bundles  New  Tools  With  Software 


Rollout  part  of  plan 
to  ease  integration 
burden  for  users 

BY  MARC  L.  SONGINI 

Computer  Associates  Interna¬ 
tional  Inc.  this  week  plans  to 
announce  a  software  suite  that 
tightly  integrates  its  portal 
server  with  business  intelli¬ 
gence  tools,  an  end-user  dash¬ 
board,  access-control  technol¬ 
ogy  and  other  capabilities. 

The  planned  rollout  is  part 
of  a  bundling  strategy  CA  de¬ 
tailed  last  month  for  its  Clev¬ 
erPath  Portal  software  [Quick- 
Link  34755],  By  combining  the 
portal  with  various  tools,  CA 
hopes  to  take  away  some  of 
the  integration  headaches  for 
IT  managers  who  currently 
have  to  try  to  cobble  together 
different  applications,  said 
Ricardo  Antuna,  senior  vice 
president  of  CleverPath  mar¬ 
keting  at  CA. 

4'uong  the  planned  en- 
•.meements,  he  said,  is  the  lat- 
e  ieverPath  Portal  release. 

■:  1  4.5  will  have  new  Java 


hooks  and  a  redesigned  user 
interface. 

CA  will  also  add  several  op¬ 
tions  to  the  portal,  including  a 
Lightweight  Directory  Access 
Protocol-compliant  product 
that  will  let  IT  managers  im¬ 
plement  single  sign-on  ap¬ 
proaches  to  authenticate  end 
users  who  want  to  access  in¬ 
formation  through  the  portal. 

Compliance  Tool 

Also  coming  is  a  new  dash¬ 
board-style  user  interface  that 
will  let  business  executives  ac¬ 
cess  key  data  via  a  single  con¬ 
sole,  an  end-user  collaboration 
tool  and  a  product  that  can 
scan  a  company’s  financial 
data  to  detect  potential  fraud. 
The  latter  tool,  which  is  being 
offered  through  a  co-develop¬ 
ment  partnership  with  McLean, 
Va.-based  IT  consulting  firm 
BearingPoint  Inc.,  is  aimed  at 
helping  companies  comply 
with  the  Patriot  Act  and  other 
government  regulations. 

Antuna  said  CA  will  also  of¬ 
fer  an  upgraded  version  of  a 
software  tool  that  can  be  used 


CA’s  Portal  Push 

The  software  vendor  plans  to 
announce  the  following  new 
or  enhanced  products  as  part  of 
its  CleverPath  Portal  offering: 

CLEVERPATH  FOR  GLOBAL 
COMPLIANCE,  to  help  com¬ 
panies  comply  with  financial 
reporting  rules. 

CLEVERPATH  ADVANCED 
ACCESS  CONTROL  OPTION, 
for  centralizing  IT  security  via 
single  sign-on  capabilities. 

CLEVERPATH  COLLABORA¬ 
TION  OPTION,  to  support 
collaboration  across  multiple 
communications  channels. 

CLEVERPATH  DASHBOARD, 
which  provides  a  single  user 
interface  for  business  execu¬ 
tives  or  other  employees. 

to  build  business  rules  into 
systems.  The  new  release  will 
be  able  to  generate  rules  that 
can  invoke  multiple  systems 
through  Web  services  and 
create  automated  business 
workflows. 


CSX  Corp.  is  already  beta¬ 
testing  Version  4.5  of  the  por¬ 
tal  and  may  upgrade  by  year’s 
end,  said  Lisa  Balter,  director 
of  commercial  applications  at 
the  Richmond,  Va.-based  op¬ 
erator  of  railroads  and  other 
shipping  businesses.  Current¬ 
ly,  CSX  runs  both  CA’s  Uni¬ 
center  enterprise  management 
applications  and  CleverPath 
Portal  3.5. 

Balter  said  CSX  is  also  ex¬ 
ploring  the  possibility  of 
rolling  out  the  new  end-user 
dashboard.  The  dashboard  is 
appealing  because  it  lets  end 
users  drill  down  into  data  and 
manipulate  the  information  in 
different  ways,  she  said.  Buying 
an  integrated  suite  is  prefer¬ 
able  to  installing  and  linking 
multiple  applications,  as  long 
as  the  functionality  meets  ac¬ 
ceptable  levels,  Balter  added. 

CleverPath  Portal  4.5  and 
the  regulatory  compliance 
software  are  available  now, 
and  CA  said  the  other  tools 
are  due  in  March.  Pricing  for 
the  full  suite  totals  about 
$200,000.  ft 


they  choose  not  to  return  the 
cartridges  to  Lexmark.  Those 
cartridges  can  be  remanufac¬ 
tured  without  SCC’s  chip  and 
“will  perform  without  loss  of 
functionality,”  they  said. 

SCC  acknowledged  that 
that’s  the  case  but  contended 
that  businesses  buy  only  the 
discounted  cartridges.  “It’s  all 
a  sham  to  stop  remanufactur¬ 
ing,”  Swartz  said. 

Lexmark’s  17-page  lawsuit 
alleges  that  SCC’s  computer 
chip  infringes  on  its  software 
copyright  as  well  as  the  Digi¬ 
tal  Millennium  Copyright  Act 
(DMCA),  the  controversial 
1998  law  established  to  combat 
piracy.  And  it’s  the  DMCA  in¬ 
fringement  allegation  that 
makes  the  case  a  potentially 
far-reaching  one. 

Although  the  DMCA  was 
originally  aimed  at  stemming 
piracy  of  software,  music  and 
motion  pictures,  its  anticir¬ 
cumvention  provision  applies 
to  almost  any  copyrighted  ma¬ 
terial  that’s  being  accessed, 
said  David  Hayes,  chairman  of 
the  intellectual  property  group 
at  Palo  Alto,  Calif.-based  law 
firm  Fenwick  &  West  LLP. 

Under  the  DMCA,  it’s  con¬ 
ceivable,  for  instance,  that  a 
hardware  maker  could  prevent 
interoperability  with  other 
systems  by  citing  the  law’s 
anticircumvention  provisions. 

“In  order  to  block  competi¬ 
tors  from  interoperating  with 
your  products,  all  you  need  is 
some  flimsy  authentication 
handshake,”  said  Fred  von 
Lohmann,  an  attorney  at  the 
Electronic  Freedom  Founda¬ 
tion  in  San  Francisco.  “This 
same  tactic  can  be  used  in  al¬ 
most  any  arena.”  ft 

SHOP  WISELY 

Firms  should  use  caution  when  doing  busi¬ 
ness  with  toner  cartridge  remanufacturers: 

OQuickLink  36028 
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For  further  infoi mation, contact: 
NTT  Communications  Corporation, 
nttverio@ntt.com 


Wisdom 

Something  you  can  expect  from  our  vast  experience. 

NTT/VERIO  IP  and  managed  network  services  are  comprehensive  and  sophisticated. 

But  what  do  we  offer  that’s  different?  One  thing  is  the  wisdom  that  comes  with  the  vast  experiences 
of  covering  nearly  90  countries  around  the  globe.  It’s  a  wisdom  that  helps  our  customers  sustain  their  success. 
From  IP  connectivity  and  managed  network  to  a  range  of  hosting  services,  we  offer  everything 
you  need  to  thrive  in  our  networked  economy.  By  using  the  NTT/VERIO  global  services, 
you  will  be  working  with  a  partner  that  has  complete  control  over  their  network  and  is  completely 
accountable  for  its  consistent  and  reliable  performance.  Which,  we  reel,  is  only  wise. 

www.nttverio.com 


NTT/ VERIO 


NTT  Communications  Group  Offices  Japan  •  USA  •  Brazil  -  UK  -  France  •  Germany  •  Netherlands  •  Spain  • 
Korea  •  China  •  Hong  Kong  •  Taiwan  •  Vietnam  •  Thailand  •  Indonesia  •  Singapore  •  Malaysia  •  Philippines  •  Sri  Lanka  •  Australia 

*  A  full  service  offering  may  not  be  available  in  some  areas. 

NTT  is  a  trademark  of  NIPPON  TELEGRAPH  AND  TELEPHONE  CORPORATION.  Verio  is  a  trademark  of  Verio  Inc.  All  other  referenced  product  names  are 
trademarks  of  their  respective  owners.  ©2003  NTT  Communications  Corporation 


from  Microsoft,  it  quickly  integrated 
the  new  system  with  its  legacy  UNIX 
environment.  The  result:  Emery  now 
provides  customers  with  real-time 
information  about  shipments  and 
expects  more  than  a  100%  ROI 
ir,  less  than  live  months.  Signed, 
sealed,  and  delivered. 


or  trademarks  of  Microsoft  Corporation  in  the  United  States  and/or  other  countries.  The  names  of  actual  companies  and  logos  mentioned  herein  may  be  trademarks  of  their  respective  owners. 
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WORLDWIDE 


AND  THE  CONDUCTOR 


NECT  THE  0 


.NET  connected  software  from  Microsoft  lets  you  quickly  integrate  all  your  enterprise 
applications,  so  you  can  automate  your  business  processes.  Your  goal  is  to  get  all 

the  aspects  of  your  enterprise  working  in  concert.  Your  reality  is  filled  with  disparate 
systems  that  clash  or  fail  to  connect  altogether.  .NET  connected  software  from  Microsoft 
provides  powerful,  visual  tools  that  help  you  easily  build  and  maintain  an  enterprise 
application  integration  solution  based  on  industry  standards  such  as  XML.  So  it  works  with  . 
the  applications  you  have,  as  well  as  those  you  adopt  in  the  future.  To  learn  more  about 
Microsoft’s  EAI  solutions  go  to  microsoft.com/integration  (Software  for  the  Agile  Business/) 
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Your  Outsourced  Future 


EADER  REACTION  was  swift  and  scorn¬ 
ful  last  week  after  we  ran  a  story  pre¬ 
dicting  that  35%  to  45%  of  existing  IT 
jobs  in  the  U.S.  and  Canada  will  be  out- 
.  sourced,  shifted  to  contractors  or  moved 
offshore  within  the  next  two  years  [QuickLink 
35866].  So  many  jobs?  So  soon?  No  way  Headline¬ 
grabbing  nonsense,  this  was. 

That  was  my  initial  re¬ 


action,  too.  Analyst  pre¬ 
dictions  tend  to  be  noto¬ 
riously  off  base,  although 
we  in  the  press  cheerful¬ 
ly  troop  along  and  write 
stories  about  them  any¬ 
way.  As  one  reader  put  it, 

“I  think  that  you  guys  are 
sometimes  guilty  of 
oversimplification  of  the 
issues.”  Indeed. 

In  10  years,  though,  I 
suspect  we’ll  see  these 
painful  outsourcing  trends  as  the  in¬ 
evitable  transition  of  a  workforce  in 
a  maturing  industry  that  plays  a  crit¬ 
ical  role  in  the  emerging  global  econ¬ 
omy.  What  IT  is  going  through  today 
mirrors  what  the  automobile  and 
electronics  industries  went  through 
in  previous  decades,  as  once-valued, 
highly  paid  skills  became  commodi¬ 
tized,  automated  or  more  cheaply 
available  elsewhere.  New  skills  rise 
in  value  to  keep  pace  with  changing 
technologies,  sharpening  competi¬ 
tion  and  shifting  business  needs. 
Outsourcing  trends  historically 
move  in  great  waves,  cresting  in  eco¬ 
nomic  downtimes  when  cost  savings 
become  paramount. 

Our  government  has  certainly  em¬ 
braced  outsourcing.  Federal  IT  out¬ 
sourcing  is  expected  to  hit  $15  billion 
annually  by  fiscal  2007  —  a  127% 
increase  over  the  $6.6  billion  spent 
Iasi  year.  That  push  is  coming  from 
two  directions:  a  mandate  to  cut 
costs,  and  the  increasing  difficulty 
>:'  replacing  qualified  technical  and 
pro,  .an  management  employees 
(QuickLink  35533]. 

Yve  can  also  see  outsourcing  tak- 
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ing  hold  in  the  bellwether 
financial  industry.  Mega¬ 
deals  are  making  head¬ 
lines  again,  as  they  did  in 
the  early  1990s.  J.P.  Mor¬ 
gan  Chase  recently  signed 
a  seven-year,  $5  billion 
deal  with  IBM.  Bank  of 
America  inked  a  10-year, 
$4.5  billion  deal  with  EDS. 
Canadian  Imperial  Bank 
of  Commerce  signed  up 
for  $2  billion  in  IT  ser¬ 
vices  from  Hewlett- 
Packard.  And  so  on.  When  Gartner 
researchers  surveyed  39  Fortune  500 
banks  a  few  months  ago,  they  found 
half  of  them  outsourcing  back-office 
and  operational  tasks  more  exten¬ 
sively  than  ever.  Intensifying  compe¬ 
tition,  a  depressed  economy  and  the 
attraction  of  the  pay-as-you-go  mod¬ 
el  for  IT  services  are  a  powerful  trio 
of  business  drivers. 


Offshore  outsourcing  is  also  rising, 
as  the  economic  lure  of  cheaper  pro¬ 
grammer  labor  continues  to  beckon. 
The  one  wild  card  that  may  slow  the 
trend  this  year  is  the  threat  of  war 
with  Iraq.  Yet  Forrester  Research  es¬ 
timates  that  the  $4  billion  in  U.S. 
wages  that  floated  offshore  in  2000 
will  become  a  riptide  of  $136  billion 
and  3.3  million  IT-related  jobs  by 
2015.  Web-based  collaborative  tools, 
inexpensive  bandwidth  and  stan¬ 
dardized  business  applications  make 
it  easier  to  contract  out  maintenance 
and  support. 

In  spite  of  all  this,  I  see  a  silver  lin¬ 
ing  in  this  outsourcing  cloud:  the 
way  American  IT  executives  are  ris¬ 
ing  —  or  will  rise  —  to  the  challenge 
of  managing  projects  involving 
workers  outside  their  companies  and 
around  the  world.  Forrester  is  releas¬ 
ing  a  report  today  called  “Unlocking 
the  Savings  in  Offshore,”  in  which 
analyst  John  McCarthy  lays  out  some 
of  the  best  practices  involved  in 
making  these  projects  work.  They 
include  centralized  management, 
commitment  and  support  from  se¬ 
nior  executives,  and  relentless  proj¬ 
ect  discipline. 

No  rocket  science.  No  great  mys¬ 
teries.  Nothing  you  can’t  handle.  Af¬ 
ter  all,  isn’t  this  the  industry  where 
the  one  constant  is  change?  I 
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PIMM  FOX 

Free  Speech 
Benefits  IT 

THE  IT  COMMUNITY 
has  always  thrived  on 
free  speech.  The  ex¬ 
change  of  information  gives 

users  essential  ways  to  com¬ 
pare  experiences,  develop  new  prod¬ 
ucts  and  enhance  the  affordability  and 
usability  of  all  types  of  systems.  Un¬ 
fortunately,  the  benefits  of  openness 
aren’t  acknowledged  in  the  end-user 
license  agreements  that  vendors  force 
customers  to  sign. 

Now,  though,  vendors  may  find  that 
they’ll  have  to  rewrite  all  those  agree¬ 
ments  to  take  into  account  a  decision 
recently  released  by  New  York  State 
Supreme  Court  Justice  Marilyn  Shafer. 

The  ruling  focused  on  a  case  involv¬ 
ing  language  contained  in  Network  As¬ 
sociates’  license  agreement  prohibiting 
a  user  from  publishing  a  review  of  its 
security  software 
without  prior  ap¬ 
proval.  The  court 
clearly  stated  that  the 
ban  was  deceptive 
because  the  license 
agreement  gave  cus¬ 
tomers  the  impres¬ 
sion  that  they  would 
be  violating  the  law 
when  they  would  not. 

In  essence,  the 
court  said  making 
someone  afraid  to 
write  something  is  the  same  as  pre¬ 
venting  him  from  writing  it  in  the  First 
place.  And  this  typically  is  what  goes 
on  with  a  license  agreement. 

License  agreements  restrain  cus¬ 
tomers  from  disclosing  vital  product 
performance  data,  make  it  impossible 
for  them  to  seek  legal  redress  for  dam¬ 
ages  caused  by  product  flaws  and  can 
bar  them  from  revealing  their  vendor 
experiences  without  first  obtaining 
approval  from  the  vendor.  It’s  hardly 
surprising,  then,  that  most  customers 
have  only  good  stories  to  tell. 

Where’s  the  benefit  in  that? 

Imagine  the  motion  picture  industry 
making  movie  viewers  sign  an  agree¬ 
ment  granting  prepublication  approval 
rights  to  anything  they  may  write 
about  a  film.  All  the  reviews  would  be 
positive.  With  such  a  policy,  the  auto¬ 
mobile  industry  could  ensure  favor¬ 
able  coverage  before  a  would-be  re¬ 
viewer  even  switched  on  the  ignition. 


pimm  fox  is  a  freelance 
writer  in  San  Francisco. 
Contact  him  at 

pimmfox@pacbell.net. 
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In  response  to  the  ruling  (which  it’s 
appealing),  Network  Associates  said  it 
was  trying  to  ensure  that  reviews  re¬ 
flect  the  latest  release  of  a  product. 
That’s  like  saying  you  can’t  review 
Casablanca  without  prior  approval  if 
it’s  not  the  latest  colorized  release. 
The  software  industry  seems  to  still 
believe  it  deserves  special  treatment 
—  treatment  placing  most  consumers 
at  a  disadvantage. 

While  the  ruling  doesn’t  have  much 
force  outside  of  New  York  (too  bad 
Silicon  Valley  users  didn’t  take  the 
lead  on  this),  it  should  embolden  cus¬ 
tomers  to  demand  less  restrictive  end- 
user  agreements. 

It’s  time  to  force  vendors  to  craft 
language  that  helps  your  business,  al¬ 
lows  for  dialogue  to  make  it  easier  to 
do  your  job  and  inspires  the  openness 
IT  users  need  to  remain  innovative 
and  vital. 

Without  these  changes,  we’ve  lost 
more  than  just  better  software;  we’ve 
lost  a  basic  tenet  of  free  speech.  I 

THORNTON  MAY 

Tell  the  Truth 
Effectively 

INFORMATION  technolo¬ 
gy  leaders  are  often  de¬ 
scribed  as  “ambassadors” 
for  our  profession.  In  the  first 
part  of  the  17th  century,  the 

father  of  the  British  foreign  service, 

Sir  Henry  Wotten,  described  the  am¬ 
bassadorial  function  this  way:  “An  am¬ 
bassador  is  an  honest  man  sent  to  lie 
abroad  for  the  good  of  his  country.” 

In  these  trust-sensitized  times,  are 
IT  leaders  lying  for  the  sake  of  our 
discipline  when,  say,  they  promote  ex¬ 
pensive  projects?  Or  are  they  simply 
poor  communicators  who  don’t  know 
their  audience? 

In  association  with  the  College  of 
Business  at  Arizona  State  University,  I 
examined  the  IT  “messaging”  ecosys¬ 
tem  (i.e.,  message  sender,  messages 
being  sent,  executives  receiving  the 
messages  and  the  actions  taken  be¬ 
cause  of  the  message)  at  35  companies 
operating  in  15  vertical  markets.  And 
while  the  results  showed  that  IT  exec¬ 
utives  are  mostly  telling  the  truth, 
they’re  not  telling  it  in  the  right  way. 

Communications  —  what  we  say,  to 
whom  we  say  it  and  how  we  say  it  — 
is  a  significant  and  potentially  suc¬ 
cess-limiting  blind  spot  for  many  IT 
organizations.  Most  IT  shops  don’t 


measure  the  effectiveness  of 
their  messages  (for  exam¬ 
ple,  whether  the  message 
sent  produced  the  desired 
behavior  change). 

Non-IT  executives  prefer 
human-to-human,  experi¬ 
ence-rich  interactions  over 
any  other  form  of  informa¬ 
tion  exchange.  But  the  data 
from  the  study  revealed  the 
following  distribution  of 
communication  modes  by 
IT  leaders: 

■  E-mail . 33% 

■  Meetings . 33% 

■  Telephone . 20% 

■  Face  to  face  . 10% 

■  Other . 4% 

IT  professionals  do  not  spend 
enough  time  involved  in  high-impact, 
person-to-person  conversations. 

Research  indicates  that  humans  are 
nine  times  more  prone  to  broadcast 
ideas  than  to  receive  them.  So,  for  your 
“broadcasts”  to  have  any  impact,  you 
must  know  your  audience.  If  you’re  to 
have  any  luck  inducing  buy-in  and 
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behavior  change,  you  must 
understand  where  your  lis¬ 
teners’  heads  are.  Many  IT 
message  senders  have  no 
map  of  the  mental  beaches 
their  messages  will  wash 
up  on.  IT  leaders  do  not 
spend  enough  time  craft¬ 
ing  their  messages  for  their 
audience. 

In  an  overcommunicated 
world,  sometimes  the  best 
messaging  strategy  is  to 
say  nothing.  Recall  Presi¬ 
dent  George  W.  Bush’s  de¬ 
cision  not  to  give  a  speech  on  the  an¬ 
niversary  of  the  Sept.  11  tragedy  but 
rather  to  spend  nearly  two  hours  at 
Ground  Zero  embracing  fathers,  sons, 
mothers  and  daughters  who  lost  loved 
ones.  He  understood  the  important 
context  of  the  moment. 

Knowing  to  whom  we  are  communi¬ 
cating  is  one  component  of  IT  messag¬ 
ing.  Knowing  why  we  communicate  is 
another.  Gen.  Ulysses  S.  Grant,  coming 
upon  the  14,000  Confederate  defend¬ 
ers  at  Fort  Donelson  in  February  1862, 


knew  exactly  to  whom  he  was  speaking 
and  exactly  what  he  wanted  when  he 
crafted  this  message:  “No  terms  except 
an  unconditional  and  immediate  sur¬ 
render  can  be  accepted.  I  propose  to 
move  immediately  upon  your  works.” 

IT  leaders  may  be  articulate,  but 
they  can  do  a  better  job  of  communi¬ 
cating.  Context-specific  communica¬ 
tion  is  best  learned  through  role-play¬ 
ing  exercises. 

I  look  forward  to  the  day  when  IT 
messages  combine  the  hard-hitting 
journalism  of  Woodward  and  Bern¬ 
stein,  the  social  relevance  and  call  to 
action  of  Upton  Sinclair’s  The  Jungle 
or  Rachel  Carson’s  Silent  Spring,  and 
the  in-the-moment  sensation  of  a  Sur¬ 
vivor  episode.  Then,  perhaps,  the  cor¬ 
porate  muggles  (executives  who  aren’t 
wizards  of  technology,  to  borrow  a 
term  from  Harry  Potter)  will  look  for¬ 
ward  to  hearing  from  us.  I 
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Small  Businesses  Get  Help  Selling  to  Feds 


THERE'S  A  PRESUMPTION  with¬ 
in  the  federal  government  that 
large  businesses  can  figure  out  the 
“federal  labyrinth”  on  their  own 
[“Federal  Labyrinth  Stifles  IT  Ven¬ 
dors,”  QuickLink  35305],  We  as¬ 
sume,  however,  that  small  busi¬ 
nesses  need  assistance  in  dealing 
with  government  contract  opportu¬ 
nities.  By  law,  almost  every  federal 
agency  has  an  office  that  provides 
advocacy,  outreach  and  assistance 
for  small  businesses.  These  points 
of  contact  can  be  found  by  going  to 
an  agency’s  Web  site  (see  First- 
Gov.gov  for  direct  links)  and  then 
searching  for  “OSDBU”  (Office  of 
Small  and  Disadvantaged  Business 
Utilization). 

In  my  limited  experience  as  a 
small-business  liaison,  the  most 
common  mistake  made  by  high- 
tech  vendors  is  that  they  focus  only 
on  the  attributes  of  their  products 
and  ignore  the  specific  needs  of 
the  agency  customer.  Agencies 
can  make  purchases  only  to  meet 
bona  fide  needs.  If  we  don't  need  it, 
we  can’t  buy  it.  And  if  we  need  it 
but  don’t  know  we  need  it,  we  can’t 
buy  it. 

In  addition  to  developing  won¬ 
derful  products,  vendors  must  get 
to  know  their  potential  customers. 


Learn  our  mission  and  culture.  Join 
our  professional  associations.  At¬ 
tend  our  public  presentations.  Re¬ 
spond  when  we  issue  requests  for 
comments.  Contact  the  agency 
OSDBU.  If  you  can't  afford  to  do 
those  things,  set  up  relationships 
with  resellers  that  can. 

Brian  X.  Scott 
Business  utilization  and 
development  specialist,  U.S. 
Geological  Survey,  Denver 


Real  Cyberthreats 

Richard  clarke,  chairman  of 
the  President’s  Critical  Infra¬ 
structure  Protection  Board,  is  right 
on  track  when  he  cautions  us  not  to 
dismiss  cyberthreats  [QuickLink 
35389],  countering  James  Lewis’ 
ill-advised  conclusions  in  a  recent 
paper  for  the  CSIS,  which  pro¬ 
claims  that  “much  of  the  early 
analysis  of  cyber-threats  and  cyber 
security  appears  to  have  'The  Sky  is 
Falling’  as  its  theme”  [QuickLink 
35390], 

Lewis’  paper  is  based  on  some 
flawed  premises.  For  example,  it  is 
my  experience  that  there  are  many 
more  SCADA  systems  that  have 
Internet  connectivity  than  he  as¬ 
sumes.  Certainly,  there  are  fear- 


mongers  who  enjoy  stirring  up  re¬ 
action  to  the  latest  vulnerability,  but 
as  a  whole,  IT  security  and  audit 
professionals  paint  a  realistic  and 
credible  picture  of  risks,  vulnerabili¬ 
ties  and  threats. 

Betty  Pierce 

Vice  president,  Information 
Systems  Security  Association 
Inc.,  Denver  chapter 


Pervasive  Courts 

Regarding  your  Future  Watch 
article  of  Jan.  13,  the  Superior 
Court  of  Arizona  in  Maricopa 
County  is  using  a  form  of  pervasive 
computing  in  some  courtrooms  - 
e-courtrooms  [QuickLink  35198]. 
We  have  a  system  that  tracks  the 
speaker  and  records  the  informa¬ 
tion  on  video.  We  have  replaced 
court  reporters  in  these  court¬ 
rooms. 

Priscilla  Dance 

Superior  Court  of  Arizona, 
Maricopa  County  (Phoenix) 


Handheld  Benefits 

The  articles  on  the  costs  of 
deploying  handheld  devices 
[QuickLinks  34328  and  34819] 
raised  issues  that  everyone  should 
be  aware  of,  but  they  didn't  note  the 
benefits  that  can  be  derived  by  re¬ 


ducing  the  number  of  devices  used 
by  a  workforce.  For  example,  a  se¬ 
cure  wireless  access  project  can  be 
designed  so  that  employees  can 
use  handhelds  to  do  things  that 
would  otherwise  require  a  note¬ 
book.  This  can  be  done  by  creating 
a  few  custom  Web  pages  that  make 
inquiries  to  or  update  the  CRM 
database.  Thus,  for  a  relatively 
small  expenditure,  the  remote  sales 
force  no  longer  needs  notebooks, 
but  it  has  access  to  more  timely  in¬ 
formation.  If  the  handheld  device  is 
also  a  cell  phone,  the  number  of  de¬ 
vices  is  reduced  further. 

Paul  Dube 

Business  development, 
StratITech  Consulting  LLC, 
Randolph,  N.J., 
PDube@StratITech.com 

COMPUTERWORLD  welcomes 
comments  from  its  readers.  Letters 
will  be  edited  for  brevity  and  clarity. 
They  should  be  addressed  to  Jamie 
Eckle,  letters  editor,  Computerworld, 
PO  Box  9171, 500  Old  Connecticut 
Path,  Framingham,  Mass.  01701. 
Fax:(508)879-4843. 

E-mail:  letters@computerworld.com. 
Include  an  address  and  phone  num¬ 
ber  for  immediate  verification. 

OMore  letters  on  these  and  other 
topics  are  on  our  Web  site: 

computerworld.com/letters 


The  VP  of  Sales  wants  data  from 
your  mainframe. 

The  guy  who  wrote  the  COBOL  application 

passed  away  in  1992. 

No  Problem, 

myEXTRA!  Smart  Connectors  let  you  do  new  things  with  your  legacy  assets. 


We  share  your  grief.  Unlocking  the  data  and  logic 
hidden  in  mainframes  has  been  a  struggle.  But  it’s 
necessary:  up  to  50  percent  of  corporate  information 
resides  within.  Struggle  no  more.  With  myEXTRA! 
Smart  Connectors, you  can  grab  mainframe  data  — 
in  its  original  format  and  location  —  for  use  with  web 
services,  extranets,  or  intranet  applications,  all  with¬ 
out  needing  a  time  machine. 

Find  out  more.  Download  our  White  Paper  entitled 
"Leveraging  Legacy  Applications  to  Serve  New 
Business  Initiatives”  at  www.attachmate.com/SCi. 
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EMERGING  TECHNOLOGIES 

Task-Centric  Storage  Takes  the  Stage 


QUICKSTUDY 

Session  Initiation  Protocol 


OPINION 

Just  Pin  It  on  Microsoft 


New  inexpensive  storage  appliances  based  on 
Advanced  Technology  Attached  disk  arrays 
may  redefine  the  traditional  role  of  the  appli¬ 
cation  server.  Page  30 


Learn  more  about  this  signaling  protocol, 
which  is  used  for  Internet  conferencing, 
telephony,  presence,  events  notification 
and  instant  messaging.  Page  29 


The  endless  drumbeat  of  anti-Microsoft  propaganda 
is  a  wonderful  way  for  competitors  to  distract  users 
from  failures  of  their  own  making,  says  technology 
evaluations  editor  Robert  L.  Mitchell.  Page  34 


AINFRAME  LINUX  Can 
boost  application  up¬ 
time  and  reduce  sup¬ 
port  costs.  But  users 
and  analysts  recom¬ 
mend  acting  carefully 
when  choosing  which  applications  to 
move  to  the  open-source  operating 
system  and  when  training  staff  in  the 
required  skills. 

The  attraction  of  Linux  on  the  main¬ 
frame  isn’t  so  much  the  low  cost  of  li¬ 
censing  Linux  or  the  fact  that  users  can 
modify  it  and  rely  on  a  community  of 
developers  to  fix  bugs,  users  say.  In¬ 
stead,  the  big  draw  is  the  ability  to 
combine  Linux  with  the  mainframe’s 
proven  reliability,  speed  and  manage¬ 
ment  tools  to  drive  down  the  cost  of 
running  critical  applications. 

“We’re  not  interested  in  just  getting 
the  least  expensive  thing  on  the  mar¬ 
ket,”  says  Randy  Lengyel,  senior  vice 
president  of  MIS  at  Wisconsin  Physi¬ 
cians  Service  Insurance  Corp.  (WPS), 
a  health  insurer  in  Madison,  Wis.  “We 
want  something  that  is  reliable,  func¬ 
tional  and  has  great  customer  service 
from  the  [vendor].” 


Hitting  the  Sweet  Spot 

The  sweet  spot  for  mainframe  Linux 
today  is  server  consolidation  —  replac¬ 
ing  dozens  or  even  hundreds  of  sepa¬ 
rate  Intel-based  Linux  or  Windows 
servers  with  a  partition  on  the  main¬ 
frame  that  dedicates  a  single  processor, 
memory  and  other  system  sources  to 
running  Linux. 

WPS  created  a  virtual  Linux  server 
running  on  one  250-MIPS  processor 
that  was  available  within  an  IBM 
eServer  zSeries  900  mainframe  and 
did  it  at  40%  of  the  cost  of  ordering, 
installing  and  configuring  a  new  Intel- 
based  server,  says  Lengyel. 

A  virtual  server  can  be  created  with¬ 
in  two  to  three  minutes  and  deliver  as 
much  as  nine  times  the  throughput  of  a 
stand-alone  server,  he  says.  WPS,  a 
longtime  mainframe  user,  was  drawn 
to  running  Linux  on  the  mainframe  as 
a  way  to  leverage  the  mainframe’s  reli¬ 
ability  and  to  keep  support  costs  low. 
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senior  vice  president  of  MIS  at  Wisconsin  Physicians  Service  Insurance,  created  a  250-MIPS  virtual  Linux  server. 


MOVING 

INTOMAINFRAME 

LINUX 

Running  Linux  on  IBM  big  iron  can  deliver 
savings  -  but  only  with  the  right  applications 

and  upfront  planning,  by  Robert  l.  scheier 
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Linux’s  Expanding  Mainframe  Role 


Right  now,  the  biggest  use  for  main¬ 
frame  Linux  lies  in  consolidating  infra¬ 
structure  servers  such  as  Web  servers. 
But  a  few  companies  are  already  looking 
for  new  ways  to  use  mainframe  Linux  to 
cut  costs  and  increase  efficiency. 

Some  are  using  application  server 
environments  such  as  WebSphere  and 
WebLogic  to  run  core  business  applica¬ 
tions  “in  modem,  Web-enabled  or  Web 
services  environments,"  says  Giga  Infor¬ 
mation  Group  analyst  Stacey  Quandt. 

Randy  Lengyel,  senior  vice  president 
of  MIS  at  Wisconsin  Physicians  Service 
Insurance,  says  he  hopes  to  do  just  that. 

If  he  could  run  his  PeopleSoft  financial 
applications  on  mainframe  Linux, 

Lengyel  says,  he  could  easily  create  vir¬ 
tual  servers  when  his  accountants  need 
them  and  switch  that  power  to  Web 
servers  during  peak  enrollment  periods 
for  new  members.  Currently,  he  says,  the 


servers  that  keep  the  accountants  happy 
during  their  crunch  time  sit  nearly  idle  the 
rest  of  the  year. 

Dave  Ennen,  technical  support  man¬ 
ager  at  Winnebago  Industries,  says  he 
hopes  to  save  money  by  running  main¬ 
frame  backup  software  on  Linux.  By  us¬ 
ing  IBM's  HiperSockets  to  stage  legacy 
data  to  Linux  running  on  the  mainframe 
before  backing  it  up,  he  says,  he  could 
use  lower-cost  Linux  backup  tools. 

Over  the  next  18  months,  says  Quandt, 
mainframe  Linux  will  enter  a  third  phase, 
where  corporate  IT  will  use  it  to  run  not 
only  business  applications  but  also  data¬ 
bases  that  currently  run  on  z/OS.  This 
development  would  let  IT  shops  use  the 
lower-cost  Linux  environment  to  run 
complete  application  environments  that 
used  to  be  scattered  across  multiple, 
harder-to-manage  servers. 

-  Robert  L  Scheier 


The  instability  of  its  Windows  NT 
servers  was  one  reason  why  recre¬ 
ational  vehicle  manufacturer  Winneba¬ 
go  Industries  Inc.  implemented  Dallas- 
based  Bynari  Inc.’s  InsightServer 
groupware  application  for  Linux  on  an 
IBM  zSeries  mainframe. 

Dave  Ennen,  technical  support  man¬ 
ager  at  the  Forest  City,  Iowa-based 
company,  says  he  had  to  reboot  his 
Windows  NT  servers  once  a  week  in 
an  effort  to  improve  their  stability.  But 
“on  the  mainframe,  everything  is 
geared  to  staying  up  24  hours  a  day, 
seven  days  a  week,”  he  says. 

Winnebago  already  had  a  mainframe 
(an  IBM  S/390  Multiprise  3000  Enter¬ 
prise  Server)  and  a  staff  skilled  in 
IBM’s  z/VM,  an  operating  system  that 
can  divide  each  partition  in  a  main¬ 
frame  into  multiple  software-based 
virtual  machines,  each  running  its  own 
operating  system  and  applications. 

Rather  than  go  through  the  expense 
of  training  his  staff  for  the  upgrade 
from  Windows  NT  to  Windows  2000 
and  Windows  Exchange  Server  2000, 
Ennen  says  it  was  more  cost-effective 
to  use  part  of  his  existing  mainframe 
capacity  and  his  staff’s  mainframe 
skills  to  run  its  Linux-based  e-mail  sys¬ 
tem.  However,  “if  you  were  going  to  go 
out  and  buy  a  mainframe”  just  to  run 
Linux,  he  says,  “it’s  going  to  be  a  little 
hard  to  justify.” 

Many  observers  say  users  should  be 
nnn.ig  at  least  20  to  25  servers  before 


even  considering  consolidation  into  a 
mainframe  Linux  environment.  Some 
of  the  best  candidates  for  consolida¬ 
tion  are  infrastructure  applications 
such  as  file  and  print  services,  e-mail, 
domain  name  servers  and  Web  servers 
such  as  Apache. 

But  not  every  application  is  a  natural 
for  mainframe  Linux.  Windows  appli¬ 
cations  are  a  poor  choice,  since  they 
don’t  run  on  Linux,  although  Linux 
equivalents  are  available  in  many 
cases.  And  applications  that  have  com¬ 
plex  graphical  user  interfaces  or  that 
perform  complicated  data  analysis  can 
use  so  much  processing  power  that  it’s 


Action  Items 

CONSIDER  CONSOLIDATING  servers  that 
run  infrastructure  applications  like  e-mail. 


LOOK  for  a  Linux  distributor  with  enterprise- 
class  support,  such  as  SuSE  or  Red  Hat. 


CROSS-TRAIN  the  Unix  and  mainframe 
staffs. 


MIGRATE  applications  to  Linux  on  Intel- 
based  hardware  first,  then  go  to 
mainframe  Linux. 


FACTOR  IN  the  costs  and  effort  involved 
in  adopting  new  mainframe  operating  sys¬ 
tems,  such  as  z/OS  or  z/VM,  that  might  be 
required  to  support  Linux  partitions. 


more  cost-effective  to 
keep  running  them  on 
stand-alone  servers. 

Users  have  also  been 
reluctant  to  move  com¬ 
plex  applications  such  as 
SAP  R/3,  which  can  take 
years  to  implement  on 
distributed  servers,  onto 
a  new  environment.  Al¬ 
though  SAP  AG  has  been 
among  the  first  vendors  to  support 
Linux  with  its  flagship  products,  Linux 
will  represent  only  about  10%  of  new 
installs  in  2003,  says  Manfred  Stein, 
product  manager  for  Linux  Lab  and 
Unix  platforms  at  SAP. 

Once  you’ve  identified  applications 
to  run  on  the  mainframe,  users  and  an¬ 
alysts  recommend  migrating  them  first 
to  stand-alone  servers  running  Linux. 
That’s  a  good  way  to  get  support  staff 
familiar  with  Linux  before  tackling  the 
additional  complexity  of  the  main¬ 
frame,  they  say. 

Training  Unix  veterans  in  main¬ 
frame  Linux  skills  —  or  Linux  veterans 
in  Unix  skills  —  can  be  one  of  the 
biggest  challenges.  Many  organizations 
have  one  support  organization  for 
mainframes  and  another  for  Windows 
and  Unix  servers,  says  John  Kogel,  vice 
president  of  the  systems  and  service 
management  group  at  Candle  Corpora¬ 
tion  of  America  in  Des  Plaines,  Iowa. 
These  groups  must  work  together  and 
learn  new  terms  for  familiar  concepts, 
he  adds. 

Since  beginning  its  move  to  main¬ 
frame  Linux  in  January  2002,  WPS  has 
cross-trained  two  mainframe  and  two 
Unix  staffers  in  the  combined  Linux/ 
mainframe  environment.  Each  em¬ 
ployee  then  took  his  knowledge  back 
to  his  respective  group. 

Choosing  the  Products 

The  choice  of  Linux  distribution  for 
the  mainframe  matters,  say  users  and 
analysts.  Nuremberg,  Germany-based 
SuSE  Linux  AG  has  the  closest  rela¬ 
tionship  with  IBM,  so  about  80%  of  or¬ 
ganizations  running  production  appli¬ 
cations  on  mainframe  Linux  use  SuSE 
software,  says  Stacey  Quandt,  an  ana¬ 
lyst  at  Giga  Information  Group  Inc. 

WPS’s  Lengyel,  for  one,  chose  SuSE 
Linux.  “We  like  to  have  one  focal  point 
of  support,  through  IBM,  to  support 
z/VM  as  well  as  the  Linux  environ¬ 
ment,”  he  says. 

But  SuSE’s  dominance  may  not  last, 
Quandt  says,  because  Raleigh,  N.C.- 
based  Red  Hat  Inc.  improved  its  main¬ 
frame  support  relationship  with  IBM 
in  the  second  half  of  2002. 

The  choice  of  mainframe  operating 


system  also  makes  a  big 
difference.  Users  can 
run  Linux  in  native 
mode  on  IBM’s  older, 
31-bit  mainframe  OS/390 
operating  system  and 
can  prioritize  applica¬ 
tion  access  to  resources 
within  a  partition.  But 
IBM’s  latest  mainframe 
operating  system,  z/OS, 
supports  higher-throughput  64-bit 
processing  and  lets  IT  managers  prior¬ 
itize  applications  across  multiple  parti¬ 
tions,  says  Peter  McCaffrey,  director  of 
product  marketing  for  zSeries  main¬ 
frames  at  IBM. 

Users  who  hope  to  consolidate  hun¬ 
dreds  of  stand-alone  servers  on  main¬ 
frame  Linux  should  also  plan  to  imple¬ 
ment  IBM’s  z/VM,  recommends 
Quandt.  Z/VM  lets  users  create  hun¬ 
dreds  of  virtual  Linux  machines  within 
each  partition.  Without  z/VM,  users 
are  limited  to  15,  one  for  each  partition. 
And,  says  Ennen,  with  z/VM,  you  don’t 
have  to  bring  the  mainframe  down  to 
create  a  new  Linux  partition.  But 
z/VM  has  a  steep  learning  curve. 

Linux-Only  Hardware 

IBM  also  offers  the  Integrated  Facility 
for  Linux  (IFL),  a  mainframe  processor 
that  runs  only  Linux  under  z/VM  and 
costs  as  little  as  one-third  as  much  as 
a  similar  processor  used  for  general 
mainframe  workloads,  says  Quandt. 
IFLs  can  run  on  IBM’s  Multiprise, 
eServer  zSeries  and  S/390  Parallel  En¬ 
terprise  Servers. 

Another  advantage:  Adding  an  IFL  to 
a  mainframe  doesn’t  boost  software  li¬ 
censing  bills  because  IFLs  aren’t 
counted  in  capacity-based  software 
pricing  agreements,  according  to  IBM. 

For  customers  that  don’t  have  main¬ 
frames  and  might  otherwise  choose 
high-end  Unix  servers,  Quandt  points 
out  that  IBM  offers  a  Linux-only  z800 
with  three  years  of  licensing  and  sup¬ 
port  at  entry  prices  of  less  than 
$400,000,  making  it  a  cost-effective 
alternative  to  high-end  Unix  servers. 

Mainframe  Linux  isn’t  a  good  fit  for 
every  application  or  every  user.  But 
the  more  you  suffer  from  server 
sprawl,  users  and  analysts  say,  the 
more  you  should  consider  it.  ► 


Scheier  is  a  freelance  writer  based  in 
Boylston,  Mass. 


MAINFRAME  LINUX  RESOURCES 

For  more  resources  on  mainframe  Linux,  see  the 
resource  links  at: 

QuickLink  35645 
www.computerworld.com 


We’re  not 
interested  in 
just  getting  the  least 
expensive  thing  on 
the  market. 

RANDY  LENGYEL,  SENIOR  VP 
OF  MIS,  WISCONSIN  PHYSICIANS 
SERVICE  INSURANCE  C0RP. 


(©server 


Under  the  umbrella  of  IBM  (©server  xSeries™  meteorological  supersite  weather.com  is  enjoying 
meteoric  success.  Thanks  in  part  to  the  installation  of  IBM  (Intel®  processor-based)  servers  running 
Linux®  Select  xSeries  models  feature  the  Intel  Xeon™  processor  to  give  you  superior  performance 
and  cost-effectiveness.  For  an  IDG  report  on  how  growing  companies  are  using  IT  to  advance  their 
business,  go  to  ibm.com/eserver/weather  @tnsma&  is  f. 


All  numbers  and  results  reported  are  trom  customer  sources.  This  customer  example  is  intended  as  an  illustration  only.  Costs  and  results  obtained  in  other  customer  environments  will  vary  depending,  among  other  th.ngs,  on 
individual  customer  configurations  and  conditions.  IBM,  the  e-business  logo,  e-business  is  the  game.  Play  to  win  and  xSeries  are  trademarks  or  registered  trademarks  of  International  Business  Machines  Corporation.  Linux 
is  a  registered  trademark  of  Linus  Torvalds.  Intel,  the  Intel  Inside  logo,  and  Xeon  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  Other  company, 
product  and  service  names  may  be  trademarks  or  service  marks  of  others.  ©  2002  IBM  Corporation.  All  rights  reserved. 
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Linux®  ready  with  self-managing  features  for  every  e-business. 


Intel  -based  /  xSeries™ 

It’s  an  affordable  and  powerful 
combination  of  mainframe- 
inspired  reliability  and  smart 
systems  management  tools. 


UNIX®  /  pSeries™ 

Highly  available,  highly  affordable 
and  highly  coveted.  The  pSeries  is 
the  platform  of  choice  for  powerful 
UNIX  and  Linux  solutions. 


Midrange  /  iSeries™ 

Brings  easy-to-deploy,  plug  and 
play  e-business  to  your  business. 
Sophisticated  technology  that’s 
easy  to  manage  and  Linux  ready. 


Mainframe  /  zSeries™ 
Maximum  reliability,  maximum  power, 
maximum  flexibility.  Designed  for  up  to 
99.999%  uptime1  to  handle  the 
demands  of  today’s  e-businesses. 


Winning  through  server  consolidation.  Winnebago  Industries  lives  by  its  e-mail  system.  By  consolidating  its 
functions  onto  one  IBM  (©server  zSeries  running  Linux,  the  company  created  an  industrial-strength  e-mail 
system,  and  saved  on  software  licensing  fees  in  the  process.  For  a  complimentary  guide  on  server  consolidation, 
visit  ibm.com/eserver/winnebago 


1  Requires  Parallel  Sysplex’  environment.  All  numbers  and  results  reported  are  from  customer  sources.  This  customer  example  is  intended  as  an  illustration  only.  Costs  and  results  obtained  in  other  customer  environments 
will  vary  depending,  among  other  things,  on  individual  customer  configurations  and  conditions.  IBM,  the  e-business  logo,  e-business  is  the  game.  Play  to  win,  iSeries,  pSeries,  xSeries,  zSeries  and  Parallel  Sysplex  are 
trademarks  or  registered  trademarks  of  International  Business  Machines  Corporation.  Linux  is  a  registered  trademark  of  Linus  Torvalds.  Intel  is  a  registered  trademark  of  Intel  Corporation  or  its  subsidiaries  in  the  United 
States  and  other  countries.  UNIX  is  a  registered  trademark  of  The  Open  Group.  Other  company,  product  and  service  names  may  be  trademarks  or  service  marks  of  others.  ©  2002  IBM  Corporation.  All  rights  reserved. 
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on  how  the  initiative  is  working  within 
the  company  and  for  customers. 
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CRAIG  MUNDIE  spent  his 
first  six  years  at  Micro¬ 
soft  Corp.  incubating  a 
variety  of  non-PC  com¬ 
puting  and  service  offer¬ 
ings  —  including  Win¬ 
dows  CE,  software  for 
the  Pocket  PC  and 
WebTV  — for  the  com¬ 
pany’s  consumer  plat¬ 
forms  division.  But  now  the  scope  of  his 
work  is  much  broader. 

Mundie  works  with  Chairman  and 
Chief  Software  Architect  Bill  Gates  on  a 
comprehensive  set  of  technical,  business 
and  policy  strategies  that  spans  Micro¬ 
soft’s  entire  product  line.  As  senior  vice 
president  and  chief  technical  officer  of 
advanced  strategies  and  policy,  Mundie 
must  coordinate  the  plans  when  their 
implementation  crosses  product  groups. 

Mundie’s  interest  in  technical  and 
policy  issues  related  to  security  and  crit¬ 
ical  infrastructure  has  landed  him  on 
several  government  committees,  includ¬ 
ing  the  National  Security  Telecommuni¬ 
cations  Advisory  Committee.  He  also 
started  and  continues  to  sponsor  Micro¬ 
soft’s  Trustworthy  Computing  initiative. 

Computerworld’s  Carol  Sliwa  inter¬ 
viewed  Mundie  about  the  Trustworthy 
Computing  progress.  Excerpts  follow: 

What  effect  did  the  companywide  memo  that 
Bill  Gates  issued  in  January  2002  have  on 
the  Trustworthy  Computing  initiative?  That 
was  sort  of  the  final  step  in  a  company¬ 
wide  evangelism.  At  that  point,  it  went 
from  evangelizing  the  importance  of 
this  to  the  day-by-day  practicing  of  the 
art  of  what  you  do  about  it.  You  have  to 
train  people.  You  have  to  assess  where 
they  are.  You  have  to  make  it  possible 
to  measure  these  things. 

How  can  we  in  the  outside  world  tell  how 
much  progress  Microsoft  has  made  on  Trust¬ 
worthy  Computing?  Qualitatively,  things 
like  Bill’s  memo,  observing  the  vast 
majority  of  people  in  the  company  act¬ 
ing  as  if  they  believe  this  was  an  im¬ 
portant  thing,  is  a  qualitative  way  of 
deciding  if  we  made  progress. 

In  terms  of  the  quantitative  mea¬ 
surements,  I  think  of  them  in  two 
ways.  There  is,  How  do  we  keep  score 
internally  on  whether  or  not  we’re  re¬ 
ally  doing  the  right  thing?  What  I  said 
a  year  ago,  and  which  we  are  working 
every  month  to  do  better,  is  to  develop 
an  internal  measurement  system 
where  we’re  able  to  assess  the  progress 
that  people  have  made,  assess  their 
vt  1  of  understanding  of  the  issues, 

’■ •  ide  training  and  then  keep  score 
that  as  a  way  of  creating  manage- 
n  >:v  metrics  that  allow  the  manage- 


CRAIG 

MUNDIE 

Title:  Chief  technical 
officer  of  advanced 
strategies  and  policy 
at  Microsoft 

Age:  53 

Top  accomplishments: 

Initiator  and  sponsor 
of  Microsoft’s  Trust¬ 
worthy  Computing 
initiative;  co-founder 
and  former  CEO  of 
supercomputer  maker 
Alliant  Computer 
Systems  Corp. 


ment  of  the  company  to  look  in  a  holis¬ 
tic  way  at  Microsoft  and  say,  “Well,  are 
all  the  groups  getting  it?  Are  they  do¬ 
ing  the  right  stuff?” 

The  ultimate  outcome  of  this  is, 
when  you  look  at  the  products,  do  they 
exhibit  better  characteristics?  And 
there,  the  anecdotal  evidence  which 
we  begin  to  measure  in  a  quantitative 
sense  is  certainly  starting  to  support 
the  claim  that  we  will  make  a  big  dif¬ 
ference  here.  If  you  look  at  Visual  Stu¬ 
dio  .Net,  which  was  the  first  product 
group  to  span  down  development  in 
order  to  look  at  these  particular  securi¬ 
ty  issues,  one  thing  that’s  clearly  ob¬ 


servable  is  [that]  we  delayed  the  ship¬ 
ment  of  the  product  from  Thanksgiv¬ 
ing  [2001]  until  February  [2002]  specif¬ 
ically  because  we  made  decisions  to 
make  changes.  That  costs  real  money, 
affects  real  programs  and  real  people. 

Right  now,  we’re  very  pleased,  be¬ 
cause  the  number  of  security  issues 
that  have  come  up  in  that  product 
since  its  release  is  de  minimis. 

What  are  some  of  the  other  areas  where  the 
effects  of  Microsoft's  security  review  can  be 
seen?  [Internet  Information  Server]  6 
was  changed  entirely  in  its  installation 
configuration  so  that  only  the  basic 
Web  server,  which  is  quite  secure,  is 
the  thing  that’s  standardly  installed. 

There  have  been  other  things  people 
can  observe  in  terms  of  the  stand-down 
we  did  in  Windows,  where  we  stopped 
development  this  year  for  about  10 
weeks.  It  produced  a  set  of  patches 
that  we’ve  started  to  push  back  out  to 
the  Windows  update  mechanism  for 
some  of  the  installed  products. . . .  We 
released  some  new  tools,  like  the  Mi¬ 
crosoft  Baseline  Security  Analyzer. 

In  some  sense,  the  first  of  the  real 
Windows  products  . . .  where  [trust] 
has  had  a  lot  of  effect  on  the  design 
will  be  the  .Net  Server  release  in  the 
spring  of  [this]  year,  because  . . .  we 
have  stopped  and  gone  back  and  made 
more  fundamental  changes. 

The  other  thing  that  we  think  is  go¬ 
ing  to  be  telling  will  be,  Which  way  are 
all  the  vulnerabilities,  particularly  crit¬ 
ical  vulnerabilities,  trending  in  terms 
of  the  use  of  the  systems?  We  feel  these 
efforts  are  starting  to  pay  off  and  that 
our  numbers  will  trend  down  in  terms 
of  the  absolute  numbers  of  bugs  that 
are  identified  and  vulnerabilities  that 
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are  found  and  have  to  be  fixed. 

What  is  the  greatest  challenge  going  for¬ 
ward?  In  a  technological  sense,  you’re 
chasing  a  rocket  ship.  I  mean,  we  con¬ 
tinue  to  have  the  technology  moving 
aggressively  forward.  We  continue  to 
scale  up  the  capability  of  the  systems. 
As  they  get  bigger  and  bigger,  com¬ 
plexity  mounts,  and  to  some  extent, 
those  things  all  work  against  the  idea 
that,  well,  can  we  really  get  this  thing 
stabilized  and  improved? 

So  to  some  extent,  I  always  worry 
about  the  balance  between  having  to 
make  the  product  and  the  business  go 
forward  and  trying  to  lock  it  all  down. 
If  things  weren’t  moving,  it  would  be  a 
lot  easier.  But  they  have  to  keep  mov¬ 
ing,  or  there  would  be  no  business. 

What  has  been  your  biggest  disappointment 
in  the  area  of  Trustworthy  Computing?  We 

still  end  up  with  independent  security 
research  folks  finding  bugs  that  we 
don’t  find. . . .  We  wish  we  would  get  to 
the  point  where  they’re  no  better  able 
to  find  things  than  we  are. 

When  I  think  about  the  industry,  one 
of  the  disappointments  I  had  is  that 
there’s  no  observable  evidence,  to  me 
at  least,  that  any  other  significant  com¬ 
panies  have  really  chosen  to  focus  on 
this  to  the  degree  that  we  have.  Cer¬ 
tainly,  if  you  look  at  the  Linux  commu¬ 
nity  or  IBM  and  the  people  advocating 
all  the  open-source  approaches,  there’s 
about  as  big  a  dichotomy  as  you  can 
imagine  between  what  they  say  about 
that  stuff  and  what  it  actually  means. 

One  of  my  big  disappointments  as  it 
relates  to  that  whole  phenomenon  is 
basically  the  blind  adoption  and  re¬ 
iteration  of  all  the  myths  around  these 
things:  Just  because  it’s  open,  it  must 
be  more  secure.  People  think  that  Mi¬ 
crosoft  is  a  whole  lot  worse  at  these 
things  from  an  engineering  standpoint 
than  that  community.  Well,  no,  I  don’t 
think  so.  You  look  at  Windows  with 
50  million  lines  of  code.  You  look  at 
Linux  at,  I  don’t  know,  5  million  lines 
of  code.  You  look  at  the  whole  number 
of  deployments,  or  at  least  the  total 
number  of  people  that  are  doing  the 
analysis  and  attack  on  these  things, 
and  if  we  come  out  even,  we’d  say  we 
must  be  doing  something  right.  But  in 
fact,  we  don’t  find  a  lot  more.  In  fact, 
now  we’re  increasingly  finding  less.  I 


MORE  ON  TRUST 

To  read  more  of  Craig  Mundie's  comments  on  Trust¬ 
worthy  Computing,  the  Palladium  security  features  for 
Windows  and  the  competition,  visit  our  Web  site: 

QuickLink  35932 
www.computerworld.com 
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Session 

Initiation 

Protocol 


DEFINITION 

Session  Initiation  Protocol  is  a  sig¬ 
naling  protocol  for  Internet 
conferencing,  telephony,  pres¬ 
ence,  events  notification  and 
instant  messaging.  The  proto¬ 
col  initiates  call  setup,  routing, 
authentication  and  other  com¬ 
munication  features  to  end¬ 
points  within  an  IP  domain. 


BY  MATT  HAMBLEN 

ESSION  INITIATION 
Protocol  (SIP),  with  its 
promise  of  serving  as  a 
single  global  signaling 
standard,  has  mushroomed  in 
importance  for  networking  in 
the  past  year.  But  it  may  be 
years  from  adoption  because 
of  technical  barriers  still  to  be 
surmounted,  including  prob¬ 
lems  with  device  interoper¬ 
ability  and  concerns 
that  SIP  will  make 
networks  more  vul¬ 
nerable,  experts  say. 

The  idea  behind  SIP 
is  to  provide  a  simple, 
lightweight  means  for 
creating  and  ending  connec¬ 
tions  for  real-time  interactive 
communications  over  IP  net¬ 
works  —  mainly  for  voice,  but 
also  for  videoconferencing, 
chat,  gaming  or  even  applica¬ 
tion  sharing. 

Since  the  Internet  Engineer¬ 
ing  Task  Force  launched  SIP  in 
1999,  hundreds  of  vendors  have 


started  to  sell  SIP-enabled 
phones  and  proxy  servers 
globally.  In  one  significant 
move,  Microsoft  Corp.  built 
support  for  SIP  into  the  Win¬ 
dows  XP  operating  system. 

A  typical  corporate  scenario 
using  SIP  for  an  IP  phone  call 
would  go  something  like  this: 

Caller  X  needs  to  speak  to 
caller  Y.  Each  of  their  compa¬ 
nies  has  a  SIP  proxy  server.  X 
and  Y  can  be  using  any 
of  a  variety  of  clients, 
including  a  PC  soft¬ 
ware  phone,  or  “soft- 
phone”;  a  SIP  hard¬ 
ware  phone;  an  analog 
phone  with  an  adapter; 
or  a  SIP-enabled  cell  phone. 

When  it  was  turned  on,  X’s 
client  automatically  sent  a 
register  message  to  his  compa¬ 
ny’s  SIP  proxy  server,  telling  it 
to  route  calls  to  a  specific  IP 
address.  X  initiates  a  call  to  Y 
via  a  PC  softphone  by  typing  a 
text  request  that’s  sent  to  her 
company’s  SIP  proxy  server, 


which  uses  the  Domain  Name 
System  to  look  up  Y’s  domain. 
The  invite  request  is  forward¬ 
ed  to  Y’s  company’s  SIP  proxy 
server,  which  sees  that  X 
wants  to  call  Y  and  forwards 
the  invite  request  to  Y’s  IP 
address. 

Y’s  phone  rings,  or  a  screen 
pops  up,  and  Y  is  asked  if  he 
wants  to  accept  the  call.  His 
affirmative  response,  called  a 
200  OK,  is  sent  to  his  compa¬ 
ny’s  proxy  server,  which  for¬ 
wards  it  to  X’s  company’s  SIP 
proxy  server,  which  sends  the 
200  OK  to  X’s  client. 

An  acknowledgment  mes¬ 
sage,  or  ACK,  is  sent  directly 
to  Y’s  client,  and  the  commu¬ 
nication  begins 

SIP  is  designed  to  be  a  key 
component  for  integrated  data 
and  voice  IP  networks.  For  ex¬ 
ample,  companies  can  run  a 
cost-effective  single  wire  to  a 
desktop  using  IP  (replacing 
the  second  line  to  a  traditional 
phone)  and  have  the  PC  oper¬ 
ate  as  a  softphone  that  enables 
a  user  to  click  on  a  name  in  a 
PC  directory.  The  name  is  as¬ 
sociated  with  a  SIP  URL, 
sending  a  message  into  a  net¬ 
work  cloud.  Then,  when  a 
connection  is  established,  the 
softphone  user  can  communi¬ 
cate  via  a  headset  connected 
to  the  PC. 

Industry  Inroads 

“SIP  already  has  a  tremendous 
stronghold  in  a  multitude  of 
areas,”  says  David  Fraley,  an 
analyst  at  Gartner  Inc.  in 
Stamford,  Conn.  “Lately,  SIP  is 
the  protocol  of  choice  for  new 
3G  wireless  networks  and 
phones.” 

Moreover,  Cisco  Systems 
Inc.  and  other  manufacturers 
of  IP  public  branch  exchange 
(PBX)  equipment  are  putting 
SIP  into  that  hardware,  while 
media  gateway  makers  are 
adding  it  to  network  cores, 
Fraley  says.  Microsoft,  Yahoo 
Inc.  and  America  Online  Inc. 
have  made  SIP  a  part  of  in¬ 
stant  messaging  sessions. 

“What  we’ll  have  in  the  fu¬ 
ture  is  a  single  signaling  pro¬ 
tocol  across  all  IP  networks, 
and  10  years  out  all  networks 
are  going  to  be  IP,”  Fraley 
predicts. 

The  principal  intention,  and 


advantage,  of  SIP  is,  of  course, 
having  a  common  signal 
across  a  multitude  of  devices, 
Fraley  says. 

But  Tim  McCracken,  busi¬ 
ness  development  manager  at 
Cisco,  points  out  that  interop¬ 
erability  isn’t  always  as  good 
as  proposed.  He  says  that  for 
basic  person-to-person  calls, 
SIP  works  fine.  However,  be¬ 
yond  the  basic  connection  and 
call  waiting  and  call  holding, 
there  are  hundreds  of  features, 
such  as  call  transferring  and 
call  billing,  that  are  being  de¬ 
layed  due  to  interoperability 
problems. 

Craig  Cotton,  a  manager  of 
product  marketing  at  Cisco, 
says  his  company  is  “bullish” 
on  SIP  but  questions  whether 
it  can  evolve  to  deliver  all  the 
functionality  enterprises  want. 

Cisco  officials  worry  that 
SIP,  written  as  a  peer-to-peer 
protocol,  could  be  inadequate 
for  organizations  that  need  a 
signaling  protocol  for  client/ 
server  networks.  But  Fraley 
says  SIP  proxy  servers  can  be 
created  to  overcome  this 
problem. 

At  WorldCom  Inc.,  SIP  “has 
opened  entire  lines  of  busi¬ 
ness,”  says  Teresa  Hastings, 
director  of  multimedia  ser¬ 
vices  engineering.  In  fact,  the 
company  is  already  working 
with  Microsoft  on  a  beta  ver¬ 
sion  of  a  Windows  XP  server 
supporting  SIP,  says  Henry 


Sinnreich,  a  distinguished 
member  of  engineering  at 
WorldCom.  The  company  in 
August  launched  a  commer¬ 
cial  IP  telephony  service 
called  Connection  that  de¬ 
pends  on  SIP. 

Despite  such  high  hopes, 
there  are  concerns  that  SIP 
could  pose  network  security 
problems  as  it  becomes  more 
universal.  “If  you  have  a  single 
signaling  technology  running 
from  telephones  over  the  In¬ 
ternet  into  core  networks  and 
everywhere  else,  there’s  a  lot 
more  room  for  malicious  be¬ 
havior,”  says  Fraley. 

The  peer-to-peer  nature  of 
SIP  also  raises  related  con¬ 
cerns  about  management  and 
control  in  general,  Cotton  says. 

“With  the  traditional  client/ 
server,  [the  datacom  manager] 
is  in  control  and  you  know  all 
the  users,  but  with  peer-to- 
peer,  you  have  a  lot  of  features 
on  a  device  and  you  don’t  go 
through  a  central  repository,” 
says  Cotton.  “Eventually,  with 
a  SIP  proxy  server,  we’ll  get 
that  control,  but  how  long  will 
it  take  in  a  pure  SIP  environ¬ 
ment  to  get  pure  management 
and  control  and  security?”  I 
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SIP  Architecture 


The  diagram  below  shows  a  SIP  architecture  for  use  in  a  corporate  network.  SIP  stan¬ 
dardizes  information  transfer  between  the  clients  of  individual  end  users,  between  the 
SIP  proxy  and  redirect  servers  and  to  a  SIP  gateway  that  also  provides  connectivity  to 
the  public  switched  telephone  network  and  the  company's  legacy  PBX.  The  user 
clients  are  directly  linked  to  the  SIP  gateway  via  RealTime  Transfer  Protocol. 
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Task-Centric  Storage 
Takes  the  Stage 


Outlook:  New  intelligent,  inexpensive 
ATA-based  storage  appliances  are  solving 
application-specific  problems  -  and 
may  redefine  the  traditional  role  of  the 

application  server.  By  Robert  L.  Mitchell 


Network  appliance  inc.’s 
NearStore  ushered  in  the 
era  of  using  inexpensive, 

Advanced  Technology 
Attached  (ATA)  disk  arrays 
for  disk-to-disk  backup  or 
secondary,  near-line  storage.  The  prod¬ 
uct,  launched  in  March  2002,  offers 
faster  backup  and  recovery  times  at  a 
cost  per  megabyte  that’s  competitive 
with  tape  backup  systems.  Now  ven¬ 
dors  are  rushing  to  add  ap-  _ 

plication-specific  intelli-  >it<_ 

gence  to  ATA-based  storage  EMERGING  ; 

appliances  that  reduces  ap-  TrAUMAI  fUilFQ 
plication  server  workloads  ■  EuIIIiULUuILu 
while  offering  more  effi- 
cient  ways  to  store  and  retrieve  data. 

Perhaps  the  best  example  is  Centera, 

EMC  Corp.’s  system  for  indexing,  stor¬ 
ing  and  retrieving  “fixed  content”  files. 

In  Centera’s  Content  Addressed  Stor¬ 
age  scheme,  the  client  application  by¬ 
passes  the  server’s  file  system  by  mak¬ 
ing  calls  to  a  proprietary  application 
programming  interface  (API).  Centera 


intercepts  each  file  storage  request, 
strips  off  the  metadata  (such  as  date 
and  time  stamps)  and  runs  a  hashing 
algorithm  to  create  a  unique,  27-charac¬ 
ter  content  ID.  It  then  returns  a  content 
descriptor  file  (CDF)  to  the  client  ap¬ 
plication  that  points  to  both  the  stored 
object  and  its  metadata.  Thereafter,  the 
application  need  only  request  the 
stored  object’s  content  ID.  Abstracted 
from  the  storage  media  in  this  way,  the 

_  application  needn’t  worry 

about  disk  I/O,  tracking  the 
file  path  or  keeping  up 
with  changes  in  the  back¬ 
end  storage  configuration. 

The  bottom  line:  “You 
should  need  less  of  a  server . . .  and  the 
applications  should  run  more  efficiently 
on  lower-cost  compute  platforms,”  says 
Steve  Duplessie,  an  analyst  at  Milford, 
Mass.-based  Enterprise  Storage  Group. 

Centera’s  technology  also  eliminates 
redundant  file  storage  by  creating  mul¬ 
tiple  references  that  point  to  a  single 
instance  of  the  stored  file.  For  exam- 


Tech  Specs 


pie,  to  store  an  archived  e-mail  file  at¬ 
tachment  sent  to  1,000  users,  Centera 
would  create  1,000  CDF  references  to  a 
single  content  ID,  which  in  turn  would 
reference  a  single,  stored  file. 

Start-up  Avamar  Technologies  Inc. 
takes  this  technology  one  step  further 
to  address  the  problem  of  backup  inef¬ 
ficiencies.  While  Centera’s  CDF  tech¬ 
nology  can  eliminate  storage  of  redun¬ 
dant  files,  Avamar’s  Axion  backup  ap¬ 
pliance  indexes  the  individual  data 
blocks  that  make  up  those  files  on  disk 
in  order  to  eliminate  both  file  and  par¬ 
tial  file  redundancies.  When  a  sen¬ 
tence  changes  in  a  document,  for  ex¬ 
ample,  Axion  updates  only  the  affected 
blocks  within  that  file. 

“We’re  so  much  more  efficient  [that] 
we  can  store  10  to  100  times  the  amount 
of  daily  backups  that  you  could  on  a 
[disk-to-disk  backup  system  that  is] 
mirroring  tape  backup,”  says  Jed  Yueh, 
Avamar’s  executive  vice  president.  The 
result  is  a  system  that  requires  less 
space  for  backups,  can  restore  faster  and 
can  efficiently  back  up  distributed  sys¬ 
tems  over  a  wide-area  network,  he  says. 

Another  start-up,  Netezza  Corp.,  has 
taken  the  intelligent  storage  concept 
the  furthest  by  embedding  parallel 
processing  power  with  individual  disk 
drives.  It  designed  the  Netezza  Perfor¬ 
mance  Server  as  a  “data  appliance” 
that  optimizes  business  intelligence 
queries  against  very  large  databases, 
replacing  the  traditional  Oracle  data¬ 
base  running  on  high-end  Unix  servers 
and  EMC  storage  arrays.  CEO  and  co¬ 
founder  Jit  Saxena  says  disk  I/O  is  a 
bottleneck  when  querying  such  data¬ 
bases.  Netezza’s  parallel  processing  ar¬ 
chitecture  packages  what  it  calls  Snip¬ 
pet  Processing  Units  (SPU)  with  each 
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EMC  CORP. 

■  Location:  Hopkinton,  Mass. 

■  Web:  wvwv.emc.com 

■  Product:  Centera;  prices  range  from 
S204.000  for  5TB  of  mirrored  storage  to 
$408,000  for  10TB.  Systems  can  be 
clustered  for  up  to  150TB  of  capacity. 

■  Release  date:  April  2002 


AVAMAR  TECHNOLOGIES  INC. 

■  Location:  Irvine.  Calif. 

■  Web:  www.avamar.com 

■  Product:  Axion  backup  appliance; 
prices  start  at  $170,000  for  up  to  3.5TB 
of  mirrored  storage. 

■  Release  date:  October  2002 


_ 


NETEZZA  CORP. 

■  Location:  Framingham,  Mass. 

■  Web:  www.netezza.com 

■  Product:  Netezza  Performance  Serv¬ 
er;  prices  range  from  $622,000  for  a 
4.5TB  system  to  $2.5  million  for  an  18TB 
model. 

■  Release  date:  September  2002 
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RAIN  Explained 

Under  the  hood,  both  Centera  and  Axion 
storage  appliances  use  what  are  called 
Redundant  Arrays  of  Independent 
Nodes  (RAIN)  to  achieve  redundancy 
and  improved  reliability.  Both  systems 
consist  of  independently  functioning 
storage  nodes  that  fit  inside  a  standard 
19-in.  cabinet.  Each  node  includes  one 
or  more  disk  drives,  a  CPU,  memory, 
and  Ethernet  connections  that  serve  as 
the  communications  backplane  within 
the  box.  Like  network-attached  storage 
devices,  each  node  runs  its  own  operat¬ 
ing  system.  (Centera  runs  a  variant  of 
Linux  it  calls  CentraStar.) 

RAIN  is  an  implementation  of  RAID 
across  nodes,  rather  than  disk  arrays. 
Centera  uses  RAIN  for  disk  mirroring. 

Axion  supports  “RAIN-5,”  a  node-level 
implementation  of  RAID  5,  which  re¬ 
quires  fewer  redundant  drives. 

The  RAIN  architecture  also  enables 
scaling.  In  Centera,  for  example,  up  to 
16  individual  racks  can  be  clustered  for 
up  to  150TB  of  mirrored  storage,  and 
up  to  seven  clusters  can  be  arranged 
into  a  “domain”  to  support  up  to  1.05 
petabytes  of  data. 

-  Robert  L.  Mitchell 

disk  drive  —  up  to  450  per  appliance 
—  and  integrates  those  with  a  symmet¬ 
ric  multiprocessing  front  end  that  can 
accept  SQL  queries  from  any  applica¬ 
tion  that  supports  the  Open  Database 
Connectivity  protocol.  Each  SPU  has 
dedicated  memory  and  communicates 
over  a  Gigabit  Ethernet  connection. 

“We  have  deployed  huge  amounts  of 
intelligence  right  next  to  each  drive,” 
says  Saxena.  By  keeping  all  drives  proc¬ 
essing  in  parallel,  he  says,  “we  provide 
10  to  20  times  the  performance  of  a  [tra¬ 
ditional]  system  at  half  to  one-third  the 
cost.”  And  because  the  system  is  read¬ 
intensive  and  application-specific,  Sax¬ 
ena  says  ATA-based  drives  work  well. 

By  using  smart,  inexpensive  ATA- 
based  storage  appliances  that  offload 
I/O  processing  for  application-specific 
tasks,  vendors  may  eventually  change 
how  users  view  the  traditional  server’s 
role,  says  Duplessie. 

“What  we’re  doing  is  taking  distrib¬ 
uted  computing  to  the  next  level  by 
‘appliance-izing’  the  intelligence  in  the 
server,”  he  says.  But  even  big-name 
products  like  Centera  are  still  in  early 
stages  of  acceptance.  “It  will  take  some 
time  for  people  to  make  the  best  use  of 
this,”  predicts  Jamie  Gruener,  an  ana¬ 
lyst  at  The  Yankee  Group  in  Boston.  I 


Centera  Turns  State’s  Evidence 


The  Southern  California  High  Tech  Task  Force  in  Nor¬ 
walk,  Calif.,  became  an  early  adopter  of  EMC’s  Centera,  us¬ 
ing  it  to  archive  forensic  evidence  gathered  from  suspects’ 
computers.  Prior  to  using  the  system,  investigators  burned 
evidence  onto  CD-ROMs  -  as  many  as  100  for  a  606B 
drive  image.  “We  needed  something  that  was  se¬ 
cure,  very  reliable,”  says  project  director  Rick  Crai- 
go.  Centera’s  design  supported  mirroring  and  pro¬ 
vided  an  audit  trail,  since  stored  objects  can’t  be 
changed  without  generating  a  new  content  ID. 

“Centera  was  almost  a  custom  fit,”  says  Craigo. 

Using  custom-developed  software,  investigators  now 
store  captured  evidence  on  a  Linux  server  cluster  with  6TB 
of  direct-attached  storage.  Completed  cases  migrate  to  the 


Centera  archive  before  users  erase  them  from  the  active 
storage  area.  Craigo  says  Centera  was  priced  right.  “Our 
sheriffs  department  has  a  Symmetrix  system  that  cost  a 
million  bucks,  and  that’s  1TB.  We’re  at  a  quarter  of  that  for 
10TB.  It’s  a  day-and-night  comparison,”  he  says.  But  the 
system  has  another  benefit:  Craigo  uses  it  to  back 
up  files  on  both  the  evidence  network  and  Win¬ 
dows  2000  servers  in  the  Task  Force’s  offices. 
Backups  run  quickly  and  with  minimum  space  be¬ 
cause  Centera  saves  only  one  copy  of  redundant 
files  and  updates  only  those  files  that  have  changed.  “With 
the  amount  of  archiving  we  do,  well  see  the  overall  savings 
in  about  a  year  and  a  half,”  he  says. 

-  Robert  L.  Mitchell 
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The  Task  Force’s  evidence  system  routes  forensic  disk  image  evidence 
gathered  at  detective  workstations  over  a  Gigabit  Ethernet  LAN  to 
Linux-based  evidence  server  cluster.  The  system  stores  images  in 
electronic  file  folders  along  with  reports  and  other  case  files.  Special 
software  on  the  storage  switch  server  cluster  makes  calls  to  the  Centera 
API  to  allow  daily  backups  of  local  office  server  and  evidence  server  data 
to  the  Centera  device.  Centera’s  CDF  technology  lets  the  system  store 
each  unique  file  just  once,  making  backups  more  efficient  by  eliminating 
redundant  backup  files. 

Detectives  permanently  archive  evidence  server  data  on  Centera  as 
they  close  each  case.  Centera’s  ability  to  create  a  unique  content  ID  with 
a  time  and  date  stamp  for  each  stored  object  creates  the  secure  audit  trail 
required  for  stored  evidence. 
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lissing  PKI  Root  Key 
auses  a  Panic  Attack 


A  potentially  compromised  root  key  threat¬ 
ens  to  undermine  the  entire  corporate 
public-key  infrastructure.  By  Vince  Tuesday 


Y  COMPANY  has  a 
formal  process  to 
deal  with  staffers 
who  are  leaving  our 
company.  It  helps  us  close  ac¬ 
counts  quickly  and  deal  with 
complicated  situations  like  fir¬ 
ings.  We  don’t  want  someone 
to  find  out  from  our  team  that 
he’s  lost  his  job,  rather  than 
from  human  resources  or  his 
manager.  So  we  must  follow  a 
complicated  series  of 
steps.  Recently,  we 
had  a  misstep. 

In  our  process,  the 
PC  support  group 
disables  network  and 
e-mail  accounts,  oth¬ 
er  teams  disallow  ac¬ 
cess  to  the  appropriate  ac¬ 
counts  on  their  systems,  and 
finance  ceases  mobile  phone 
and  remote-access  service  and 
recovers  hardware  from  the 
employees. 

I’d  always  felt  we  were  do¬ 
ing  well  at  balancing  the  need 
to  act  quickly  with  the  need  to 
protect  the  feelings  and  con¬ 
fidentiality  of  departing  em¬ 
ployees.  Then  I  was  called  and 
told  that  someone  who  had 
left  a  month  ago,  let’s  call  him 
“Nick,”  had  logged  into  a  criti¬ 
cal  server  and  that  important 
files  were  missing. 

A  junior  staff  member, 
whom  I’ll  call  “Bob,”  had  taken 
over  Nick’s  work  and  couldn’t 
find  the  test  root  key  when  he 
tried  to  issue  test  private  keys 
for  our  customers.  While 
searching  on  the  server  that 
held  these  files,  he  discovered 
that  someone  had  logged  in 
using  Nick’s  account  and 
deleted  it. 

In  a  public-key  infrastruc¬ 
ture  (PKI),  everything  boils 
down  to  the  root  key.  If  you 
have  the  root  key,  you  can  issue 


your  own  keys  for  any  part  of 
the  system  and  pretend  to  be 
whomever  you  like.  Without 
our  root  key,  we  could  issue  no 
new  keys  and  would  have  to  re¬ 
build  our  PKI  from  scratch  —  a 
daunting  prospect. 

Alarming  Activity 

At  first,  I  wasn’t  too  worried, 
since  this  was  just  the  test  sys¬ 
tem.  I  had  Bob  disconnect  the 
machine  from  the 
network  and  give 
me  the  IP  address 
the  connections 
were  coming  from. 

I  then  asked  the  net¬ 
work  team  to  trace 
it.  The  address  fell 
within  a  range  we  allocate  for 
remote  access,  and  it  could 
have  come  only  from  Nick’s 
house.  It  turns  out  that  Nick’s 
Windows  account  had  been 
properly  closed,  but  the  tele¬ 
phone  company  hadn’t  shut 
down  his  line,  and  his  Unix 
account  was  still  active. 

Even  more  alarming  were 
the  initial  reports  from  the 
analysis  of  the  disconnected 
machine.  Unix  stores  a  history 
of  previous  commands  users 


Without  our  root 
key,  we  could  issue 
no  new  keys  and 
would  have  to 
rebuild  our  PKI 
from  scratch  -  a 
daunting  prospect. 


have  run,  and  it  showed  that 
Nick’s  account  had  conducted 
a  vast  cleanup  operation.  The 
contents  of  directory  after 
directory  had  been  listed  and 
then  deleted. 

This  could  be  a  sign  of  nor¬ 
mal  tidying  up  —  or  of  a  not- 
very-skilled  malicious  user. 
Unix  writes  the  history  file  to 
disk  when  you  disconnect.  If 
you  want  to  get  rid  of  it,  you 
have  to  connect  again,  delete 
the  history  and  leave  once 
more.  Otherwise,  like  Nick, 
you  leave  the  entire  set  of 
commands  issued  in  the  ses¬ 
sion.  With  the  full  history,  we 
could  see  he  had  visited  the 
directories  with  the  keys  in 
them  but  hadn’t  copied  or 
opened  any  of  the  files  before 
deleting  them. 

The  root  key  was  safe,  be¬ 
cause  Nick  hadn’t  looked  at  the 
contents.  But  could  it  be  recov¬ 
ered  so  that  new  test  keys 
could  be  issued?  Or  would  we 
have  to  make  a  new  one  and 
reissue  the  entire  test  environ¬ 
ment  trust  infrastructure? 

Normally,  we  would  use  a 
disk  utility  to  recover  the  files, 
but  with  so  many  files  deleted 
at  the  same  time,  tracking 
down  the  ones  we  needed 
wouldn’t  be  easy.  Then  Bob 
pointed  out  that  the  important 
files,  including  the  root  key, 
had  been  copied  to  a  Windows 
NT  shared  drive. 

Share  Scare 

Meanwhile,  I  made  an  angry 
call  to  the  telephone  company 
and  chased  down  the  heads  of 
the  systems  operations  group, 
which  quickly  plugged  the 
holes  and  corrected  the  proc¬ 
ess.  It  seemed  that  Nick  had 
merely  meant  to  clear  up  his 
files  and  free  up  disk  space.  No 
harm  had  been  done.  Or  had  it? 

Bob  connected  to  the  NT 
share,  one  of  our  company¬ 
wide  temporary  file-sharing 
spaces  that’s  open  to  all  users. 


He  navigated  to  the  directo¬ 
ry  used  by  his  team,  then  went 
to  the  section  for  the  test  keys, 
in  a  folder  called  Test.  But 
what  was  the  folder  next  to  it, 
called  Live? 

My  heart  missed  a  beat.  The 
keys  to  our  live  system  are 
produced  under  total  care  and 
close  supervision,  processed 
on  machines  not  connected  to 
external  networks  and  careful¬ 
ly  encrypted  whenever  they 
are  transferred  to  backups. 

I  pictured  the  result  of  them 
lying  around  on  a  wide-open 
NT  share  available  to  thou¬ 
sands  of  staffers.  We  would 
have  to  shut  down  our  key  sys¬ 
tems,  investigate  all  access  to 
confirm  it  was  legitimate  and 
notify  all  users.  The  humilia¬ 
tion  and  ridicule  from  our  cus¬ 
tomers  and  competitors  would 
be  huge.  “Live?”  I  asked  in  a 
nervous  tone. 

“Don’t  worry,”  Bob  said. 
“Someone  just  added  the  di¬ 
rectory  to  keep  the  structure 
consistent  with  all  our  others. 
We  always  have  a  Live  and 
Test.  Look,  it’s  empty  —  al¬ 
ways  has  been.” 

I  checked  the  backup  logs  to 
confirm  that  Bob  was  correct 
before  letting  out  a  long  sigh 
of  relief.  By  concentrating  all 
the  trust  and  security  of  the 
system  into  a  few  small  files, 
PKI  does  limit  what  you  have 
to  protect  and  makes  it  easier 
to  focus  your  efforts.  But  PKI’s 
root  key  also  makes  it  easier 
for  things  to  go  horribly 
wrong,  as  my  experience 
shows.  D 

WHAT  DO  YOU  THINK? 

This  week’s  journal  is  written  by  a  real 
security  manager,  “Vince  Tuesday,"  whose 
name  and  employer  have  been  disguised 
for  obvious  reasons.  Contact  him  at  vince. 
tuesday@hushmail.com,  or  join  the  dis¬ 
cussion  in  our  forum: 

QuickLink  a1590 

To  find  a  complete  archive  of  our 
Security  Manager's  Journals,  go  online  to 
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Honeypots: 

Tracking 
Hackers, 
by  Lance 
Spitzner,  Ad- 
dison-Wesley 
Professional, 

2002. 

Lance  Spitz¬ 
ner,  a  guiding 
light  in  the  Honeynet  Project, 
has  produced  a  masterful 
summary  of  the  current  state 
of  the  art  for  “honeypots”  - 
security  systems  whose  value 
lies  in  their  being  probed,  at¬ 
tacked  or  compromised.  By 
distracting  hackers  from  real 
targets  and  capturing  their 
tactics,  honeypots  help  make 
networks  more  secure. 

Spitzner  takes  the  reader 
on  a  tour  of  the  history  of  hon¬ 
eypots,  reviews  the  six  major 
commercial  and  freeware 
products  and  outlines  the 
steps  involved  in  setting  up  a 
honeypot.  He  also  includes  a 
chapter  covering  the  current 
legal  status  of  this  approach 
to  security. 

The  book  includes  an  ex¬ 
tensive  CD-ROM  with  back¬ 
ground  reading  and  many  of 
the  software  tools  Spitzner 
discusses. 

The  writing  style  is  a  bit 
stilted  and  repetitive,  but  as  a 
resource  on  honeypots,  this 
book  is  a  must-have. 

-  Vince  Tuesday 


A  Better  Browser 

Antivirus  software  intercepts 
and  scans  e-mail  file  attach¬ 
ments  at  the  point  of  entry, 
but  files  downloaded  using  a 
browser  aren’t  scanned  until 
after  they’re  saved. 

Secure  IE,  an  Internet 
Explorer  add-on  from  Boston- 
based  Winferno  Software, 
blocks  access  to  those  files 
until  they’ve  been  scanned.  It 
also  makes  defining  security 
zones  easier  and  can  block 
ActiveX,  Flash  and  pop-up 
windows.  Pricing  starts  at 
S29.95  per  seat;  volume  pric¬ 
ing  of  $15  to  $20  per  seat  is 
available. 
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__ _ __  is  the  company 

that  400,000  businesses  rely  on 
for  e-commerce. 


□  (a)  VeriSign 

□  (b)  VeriSign 

□  (c)  VeriSign 

□  (d)  VeriSign 


We're  also  the  company  that  enables  7  billion  network  connections  every  day.  VeriSign  has  spent  the  last  seven  years  building  a  secure 
infrastructure  for  the  internet.  We'd  like  to  do  the  same  for  your  business.  VeriSign  can  help  you  deploy  a  trusted  infrastructure  so  you 
can  conduct  secure  communications  and  transactions.  Soon  you'll  know  why  475  of  the  Fortune  500  use  VeriSign.  s 
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Media  Exchange 
Appliance  Debuts 

Zultys  Technologies  in  Sunnyvale, 
Calif.,  last  week  announced  the 
MX1200,  a  media  exchange  ap¬ 
pliance  for  integrating  voice  over 
IP,  data,  video  and  fax  with  one 
software  interface.  It  runs  on  the 
Linux  operating  system  using 
standard  protocols  such  as  the 
Session  Initiation  Protocol,  Voice 
XML  and  the  Telephony  Applica¬ 
tion  Programming  Interface. 

The  MX1200  scales  from  25  to 
1,200  users,  and  prices  range 
from  $20,000  to  $212,000,  de¬ 
pending  on  the  number  of  users. 


Microsoft  Updates 
MOM  2000 

Microsoft  Corp.  has  announced 
enhancements  to  its  Microsoft 
Operations  Manager  (MOM) 

2000  software,  which  helps 
companies  manage  Windows  en¬ 
vironments.  The  enhancements 
include  about  30  management 
pack  updates  with  application- 
specific  information  for  common 
Microsoft  server  scenarios; 
Service  Pack  1  with  globalization 
capabilities;  and  support  for  clus¬ 
tering  the  MOM  database,  a  MOM 
Resource  Kit  to  help  users  im¬ 
prove  efficiency  and  an  updated 
software  development  kit. 


Compuware  Offers 
Vantage  8.5 

Compuware  Corp.  in  Farmington 
Hills,  Mich.,  released  an  instant 
reporting  upgrade  to  its  Vantage 
application  performance  manage¬ 
ment  line.  Version  8.5  will  include 
a  Web-based  user  interface  to 
manage  an  entire  enterprise  from 
a  single  console,  allowing  views 
into  clients,  servers  and  network 
nodes  and  links. 

The  new  reporting  tool  allows 
IT  staff  to  combine  in-depth  sys¬ 
tem-performance  data  with  infor¬ 
mation  about  the  end  user’s  ex¬ 
perience  and  then  immediately 
publish  an  integrated  report  that 
can  be  distributed  via  e-mail  or  to 
other  Web  sites.  Pricing  for  Van¬ 
tage  8.5  starts  at  $19,000. 


ROBERT  L.  MITCHELL 

Just  Pin  It  on 
Microsoft 


Microsoft  has  become  the  compa¬ 
ny  that  the  computer  industry  loves  to 
hate.  It’s  downright  fashionable  these 
days  to  blame  everything  on  the  “con¬ 
victed  monopolist.”  But  that  attitude 
also  serves  as  a  convenient  vendor  smoke  screen  that 


distracts  the  industry  from 
more  important  issues  — 
such  as  building  good  prod¬ 
ucts,  listening  to  the  cus¬ 
tomer  and  developing  new 
technologies. 

Is  Microsoft  truly  re¬ 
sponsible  for  everyone’s 
failures  in  this  industry?  To 
listen  to  its  competitors, 
one  might  think  so. 

Vendors  that  can’t  com¬ 
pete  have  always  needed 
someone  to  blame,  some¬ 
one  to  sue.  Why  not  Micro¬ 
soft?  What  other  reason  could  explain 
why  competitors’  “technically  superi¬ 
or”  products  fail  to  catch  on?  How 
about  this:  Many  vendors  are  so  cock¬ 
sure  that  they  know  what’s  best  for 
corporate  IT  that  they  fail  to  listen  to 
what  IT  managers  really  want.  Instead, 
they  try  to  force-feed  managers  tech¬ 
nologies  they  don’t  need.  Microsoft 
has  no  monopoly  on  arrogance. 

If  there’s  one  thing  Microsoft  is 
good  at,  though,  it’s  listening  to  the 
customer.  In  fact,  one  could  argue  that 
the  problems  technologists  hated  most 
in  Windows  9x  —  poor  security  and  a 
lack  of  reliability  —  are  a  direct  result 
of  listening  too  closely  to  end  users, 
who  were  demanding  ease  of  use  and 
ever  more  features.  With  its  stated  re¬ 
liability  and  security  initiatives,  Mi¬ 
crosoft  now  has  a  laser  focus  on  the 
needs  of  corporate  IT,  and  the  ship  is 
slowly  turning.  The  lawyers  are  ready. 

Few  companies  have  been  vilified  to 
the  extent  that  Microsoft  has.  Even 
cigarette  maker  Philip  Morris  (now 


Altria  Group  Inc.)  gets 
more  respect  these  days. 

In  online  forums,  a  sub¬ 
culture  of  hate  has  arisen 
where  Microsoft  has  been 
accused  of  everything 
short  of  building  weapons 
of  mass  destruction.  And 
those  who  view  alternative 
technologies  as  a  personal 
religion  see  Microsoft  as  a 
threat  to  their  very  exis¬ 
tence.  The  Great  Satan 
must  be  toppled. 

Far  removed  from  these 
arguments  sit  most  corporate  IT  man¬ 
agers,  who  don’t  care  about  intrigue. 
They  want  products  that  make  good 
business  sense.  Products  like  Micro¬ 
soft’s  Exchange,  SQL  Server  and  Sys¬ 
tems  Management  Server  aren’t  gain¬ 
ing  ground  in  corporate  America  be¬ 
cause  they’re  being  forced  on  IT. 
They’re  getting  in  because  they  have 
features  IT  has  been  requesting. 

And  the  idea  that  Microsoft’s  prod¬ 
ucts  are  inferior  is  bunk.  If  you  don’t 
believe  that,  ask  a  corporate  program¬ 
mer  who  has  worked  with  Visual  Stu¬ 
dio  .Net  and  the  .Net  Framework.  Or 
an  Exchange  2000  administrator.  Or 
early  users  of  Windows  Server  2003. 

In  most  cases,  Microsoft  has  consis¬ 
tently  churned  out  technically  solid 
products.  Are  they  category  leaders? 
Often  not.  Do  they  have  weaknesses? 
You  bet.  But  in  corporate  IT,  where 
slow  and  steady  is  the  name  of  the 
game,  a  good-enough  product  with  en¬ 
terprise-class  support  will  do  just  fine. 

It’s  well  known  that  Microsoft  can 


spend  huge  sums  to  establish  itself  in  a 
new  business.  It’s  true  that  the  compa¬ 
ny  leverages  its  hegemony  in  desktop 
and  departmental  server  software  to 
gain  footholds  in  new  markets.  But  its 
dominance  beyond  software  is  over¬ 
rated.  Microsoft  ranked  72nd  on  the 
Fortune  500  list  last  year.  Its  revenue, 
at  $28  billion,  is  about  one-third  that  of 
IBM,  which  is  just  as  aggressive  and 
customer-focused  —  and  is  pushing  a 
Linux  strategy  that  actively  competes 
against  the  Windows  franchise. 

Microsoft  isn’t  invulnerable.  It’s  still 
protecting  a  proprietary  Windows  ar¬ 
chitecture  in  a  world  that  increasingly 
demands  open  systems.  Key  business¬ 
es  outside  of  Windows  and  Microsoft 
Office,  from  MSN  and  Xbox  to  cell 
phones  and  set-top  boxes,  lost  money 
to  the  tune  of  $1  billion  last  year.  And 
with  the  market  for  its  Windows  fran¬ 
chise  maturing,  Microsoft  tacitly  ac¬ 
knowledged  that  it’s  unlikely  to  grow 
as  it  once  did  by  declaring  a  modest 
shareholder  dividend  in  January  —  an 
event  that  rocked  the  industry. 

This  is  the  Evil  Empire  that’s  re¬ 
sponsible  for  all  of  our  problems?  I 
don’t  see  it.  Yes,  Microsoft  can  be  a 
ruthless  competitor.  Yes,  the  govern¬ 
ment  declared  that  the  company 
abused  its  monopoly  power  in  the  op¬ 
erating  systems  market  and  used  that 
advantage  to  drive  competitors  out  of 
key  markets.  But  the  biggest  complain- 
ers  aren’t  the  small  guys  who  got 
squashed  by  the  Microsoft  elephant. 

It’s  the  other  big  boys  in  the  herd  who 
often  bang  the  drums  hardest.  Those 
vendors  should  take  responsibility  for 
their  own  competitive  missteps  and 
keep  the  focus  on  the  customer,  where 
it  belongs.  I 


DO  YOU  AGREE? 

Post  your  thoughts  and  read  what  others  have  to  say.  in 
our  online  discussion  forum: 

QuickLink  a2850 
www.computerworld.com 
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MToo  often  people  think  they  have  to  create  Fort 
Knox.  If  you’re  in  the  nuclear  power  business, 
you’re  right  at  the  top.  But  if  you’re  in  baked  goods, 
nobody’s  looking  to  knock  off  the  Keebler  elf.” 


-  Jay  M.  Williams,  senior  vice  president  and  chief  technology 
officer  at  The  Concours  Group.  Page  37 


STEAL  THIS  IDEA 

Gettina  the  Right  Person 
At  the  Right  Time 

Dow  Chemical  reduced  its  hiring  cycle 
time  across  900  offices  in  65  countries 
by  consolidating  its  efforts  through  an 
application  service  provider.  Page  40 


PprL  Watrlv 

BMWs  Are  Out,  Bowling  Is  In 

Companies  are  doing  their  best  to  keep 
IT  talent.  A  wonderful  boss,  good  career 
growth  opportunities  and  the  prospect  of 
fun  are  key  to  luring  pros  for  the  long  term, 
says  Cognos  CIO  Rob  Collins  (left).  Page  38 


Minnesota’s 
solution  may 
have  been 
cheap  and 
inelegant,  but  it 
works  just  fine. 
By  Connie 
Winkler 

HEN  EX-WRESTLER  Gov. 
Jesse  Ventura  promised  to 
shape  up  Minnesota’s  gov¬ 
ernment,  the  state’s  Driver 
and  Vehicle  Services  (DVS) 
division  was  taking  as  long 
as  four  months  to  renew  a  driver’s 
license  or  issue  car  registrations  and 
license  plates.  Complaining  was  use¬ 
less  because  the  30-person  call  center 
couldn’t  answer  the  1.5  million  calls 
it  received  annually.  The  system  was 
a  joke. 

“Courts  would  tell  citizens  to  call 
DVS  to  find  out  when  their  driver’s  li¬ 
cense  was  reinstated,  for  example,  and 
citizens  would  just  laugh  because  they 
knew  it  was  impossible  to  get  through 
on  the  phones,”  recalls  Judith  Franklin, 
manager  of  enterprise  technology  sup¬ 
port  for  DVS  and  the  person 
charged  with  untangling  the  mess. 

Or,  more  dangerously,  police 
would  stop  drivers  on  the  roads 
and  have  no  way  of  knowing  for 
sure  whether  a  license  was  suspended 
or  had  been  reinstated  as  motorists 
claimed. 

As  part  of  the  totally  paper-based 
system,  various  forms  for  licenses  and 
registrations  piled  up  at  DVS  in  St.  Paul 
and  across  an  assortment  of  third-party 
companies  that  the  state  contracts  to 
process  DVS  paperwork.  Consequent¬ 
ly,  the  information  was  keyed  by  about 
30  data  entry  workers  into  an  archaic, 
1970s  vintage  mainframe  database  sys¬ 


tem  known  as  Supra  from  Cincom  Sys¬ 
tems  Inc.  in  Cincinnati.  To  generate 
and  decipher  reports  from  the  data, 
DVS  users  needed  dot-matrix  printers, 
Cobol  programmers  and  highlighter 
pens.  The  system  was  a  mess. 

That  was  three  years  ago.  Today,  citi¬ 
zens  receive  renewed  driver’s  licenses 
in  three  to  seven  days  by  applying  ei¬ 
ther  via  the  Internet  or  at  one  of  the 
hundreds  of  third-party  driver’s  license 
contractor  sites,  the  majority  of  which 
are  connected  via  a  sister  Web  system. 

In  the  courts,  1,200  judges  get  imme¬ 
diate  access  to  driving  records,  and  po¬ 
lice  are  beginning  to  download  driver’s 
license  photos  to  car  computers  to  aid  in 
their  work.  Back  in  St.  Paul,  DVS  opera¬ 
tions  and  budgets  are  being  revamped, 
and,  as  a  result,  the  more  than  two- 
dozen  data  entry  workers  —  many  of 
whom  were  hired  20  to  30  years  ago  — 
are  now  asking  what  their  new  jobs  are 
going  to  be.  According  to  DVS,  they’re 
being  reassigned  to  other  jobs  at  a  sav¬ 
ings  to  DVS  of  about  $72,000  a  month. 

But  getting  here  wasn’t  easy. 

Under  New  Management 

“Our  new  management  is  very  much 
into  managing  us  as  a  business,”  says 
Franklin.  “We  needed  to  have  a  tech¬ 
nology  infrastructure  that  supported 
the  business  practices  we  wanted  to 
change.” 

DVS  chose  Verastream  Host  Integra¬ 
tor  software  from  Seattle-based  soft¬ 
ware  vendor  WRQJnc.  and  com¬ 
modity  servers  running  a  Mi¬ 
crosoft  SQL  Server  database  as  a 
cost-effective  solution.  This  in¬ 
termediary  server-based  tier 
uses  component  technology  to  extract 
the  valuable  business-logic  nuggets 
from  the  old  code  residing  on  the 
mainframe  and  to  link  the  new  Web- 
enabled  front  end  to  the  green  screens 
and  IBM  S/390  back  end,  which  is  still 
running  under  CICS  in  the  state’s  De¬ 
partment  of  Administration  (see  dia¬ 
gram,  next  page). 

As  so  many  state  governments  now 
face  huge  budget  shortfalls,  this  front- 
Continued  on  page  36 
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Fast  Functionality  on  the  Cheap 


To  make  data  and  logic  housed  in  its  legacy 
central  mainframe  application  available  to 
Web-based  users,  Minnesota’s  Department  of 
Vehicle  Services  deployed  an  intermediary 
server-based  computing  tier.  It’s  here  that 
WRQ’s  component  technology  is  used  to  ex¬ 
tract  valuable  business  logic  nuggets  from  old 
code  on  the  mainframe  and  link  them  to  new 
Web-enabled  front-end  systems.  Also,  green- 
screen  terminals  can  still  tap  into  the 
mainframe  system.  Total  cost:  about 
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Continued  from  page  35 
end  approach  is  “fairly  common  be¬ 
cause  there  are  so  many  state  back-end 
systems  that  require  a  complete  over¬ 
haul,”  says  Thom  Rubel,  program  di¬ 
rector  for  IT  at  the  National  Governors 
Association  in  Washington.  “Most 
states  are  trying  to  do  it  this  way  be¬ 
cause  redesigning  everything  is  too  ex¬ 
pensive.  They’re  trying  to  create  open 
architectures  so  they  can  create  sys¬ 
tems  that  don’t  require  wholesale 
change  on  the  back  end.” 

A  bonus  for  states  is  that  adding  self- 
service  capabilities  frees  up  employees 
for  other  jobs.  “There  are  efficiencies 
to  be  gained,  and  many  states  are  try¬ 
ing  to  identify  still-manual  processes 
that  don’t  need  to  be  there,”  says 
Rubel.  “States  don’t  always  get  rid  of 
people,  but  they  redeploy  them  to 
functions  they  haven’t  been  able  to  do 
for  lack  of  people  funding.” 

Avoiding  Back-End  Overhauls 

For  Franklin,  who  was  brought  in  to 
give  DVS  its  own  computing  capability, 
make  the  agency  more  accountable 
and  dramatically  improve  customer 
service,  redesigning  the  mainframe 
system  wasn’t  an  option. 

“I’ve  talked  with  other  states  which 
dropped  such  projects  after  two  years 
because  they  bit  off  too  much  in  want¬ 
ing  to  change  the  whole  back  end,”  she 
says.  “They  spent  multiple  millions  of 
dollars,  but  after  several  years,  they 
dropped  the  project.  Everyone  had 
lost  interest  because  there  was  no  de-  | 
liverable.”  Ultimately,  Franklin  adds, 

DVS  wants  a  new  oack-end  database,  i 
but  that’s  a  long-term  nroject. 

For  now.  Franklin  emphasizes  deliv¬ 
ering  functionality  fast.  “You  have  to  go 
ahead  and  make  some  moves.  You  can’t 
wait  until  you’ve  designed  everything 
— -  the  business  will  have  changed  in 
ihe  wo  vears  it  took  you  to  redo  every¬ 
thing,"  she  says. 

Because  the  Supra  system  was  a 
i  sed,  proprietary  product  with  little 
cr  ication  documentation,  there  was 


no  way  to  hook  in  application  pro¬ 
gramming  interfaces  or  other  connec¬ 
tions  used  by  current  technologies.  “If 
it  had  been  IBM’s  DB2  or  Oracle’s 
database,  there  would  have  been  all 
sorts  of  tools  we  could  use,”  she  ex¬ 
plains.  The  other  issue:  Franklin  had 
only  three  programmers,  none  of 
whom  had  worked  with  Web  systems 
or  databases  before. 

Franklin  turned  to  WRQ,  with  which 
she  had  worked  in  the  past,  to  connect 
sundry  desktop  systems  to  main¬ 
frames.  Verastream  was  installed  in 
September  2001,  and  by  November  the 
small  team  had  the  driver’s  license  re¬ 
newal  process  online.  The  initial  Vera¬ 
stream  software  and  server  hardware 
cost  about  $25,000,  but  the  system  is 
now  up  to  five  servers,  representing  an 
investment  of  about  $100,000. 

Many  systems  designers  today  may 
find  such  a  solution  inelegant.  But  it 
reflects  the  wider  reality  that  employ¬ 
ees,  partners  and  customers  want  ac¬ 
cess  to  information  on  demand.  They 
don’t  want  to  wait  months  or  years  to 
get  the  capability.  Yet,  existing  legacy 
systems  weren’t  designed  for  such 
flexibility,  and  IT  budgets  are  tight. 
That  leaves  many  IT  managers  trapped 
between  legacy  systems  and  the  “ex¬ 
pectations  of  the  Web  generation,” 
notes  WRQPresident  Shaun  Wolfe. 

Another  big  plus  for  DVS  is  that 
Verastream’s  component  technology 
allowed  DVS  to  reuse  chunks  of  code 
containing  the  business  logic  for  a  spe¬ 
cific  application,  such  as  computing  the 
tax  on  a  car  based  on  its  age. 

“I  didn’t  want  to  rewrite  all  that;  if 
it’s  already  written,  why  can’t  I  reuse  it 
and  Web-enable  it?”  says  Franklin,  who 
in  previous  jobs  re-engineered  main¬ 
frame-based  systems  for  3M  Co.,  the 
Carlson  School  of  Management  at  the 
University  of  Minnesota,  and  St.  Paul’s 
schools. 

Verastream  also  includes  data  audit¬ 
ing  tools,  which  enable  DVS  to  collect, 
store  and  manage  new  information 
from  the  Web  transactions.  Also,  be¬ 
cause  Verastream  uses  models  to  build 
applications,  those  models  can  be  re¬ 
used  as  needed.  Internal  users  appreci¬ 
ate  that  new  applications  are  Lurned 
around  in  one  co  two  months  and  that 
they  perform  consistently,  Vranklin  says. 

Improved  Access 

Currently  at  www.mndriveinfo.org ,  citi¬ 
zens  can  renew  their  licenses  or  plate 
registrations,  change  their  addresses, 
check  car  tax  information  and  ascer¬ 
tain  their  driver’s  license  status. 

At  www.dps.state.mn.us/esupport, 
the  state’s  hundreds  of  judicial  and  law 


enforcement  agents  and  business  part¬ 
ners,  such  as  car  dealers  and  private  li¬ 
cense-processing  businesses,  can  get 
password  access  to  conduct  their  busi¬ 
ness.  Courts  and  the  police  can  read 
and  update  driver’s  license  records. 

The  business  partners  can  renew  or 
duplicate  driver’s  licenses,  schedule 
driver  exams  and  renew  registrations. 
Some  pilot  sites  are  even  issuing  dupli¬ 
cate  titles.  These  private  agents  now 
conduct  more  than  50%  of  vehicle  re¬ 
newals  and  10%  of  driver’s  license  re¬ 
newals  online. 

At  these  third-party  business  sites, 
distributing  the  data  entry  via  the  Web 
to  where  the  citizen  is  submitting  the 
application  dramatically  improves  ac¬ 
curacy.  If  the  eye  exam  is  missing  from 
the  application,  the  processing  stops, 
rather  than  the  error  being  caught  three 
weeks  later  in  St.  Paul.  Such  errors 
would  require  that  the  third  party  chase  | 
down  the  citizen  for  a  re-exam,  which 
is  just  one  of  the  horror  stories  from 
the  previous  process,  Franklin  reports. 

Indeed,  reworking  the  DVS  systems 
to  serve  citizens  has  shaken  out  many 
rat's  nests  and  inequities.  Currently, 
private  companies  are  able  to  buy  the 
state’s  DVS  information  —  at  no  profit 
to  the  state  —  and  resell  it  back  to  the 
citizens.  Now,  says  Franklin,  “our  goal 
is  to  distribute  the  information  to  the 
citizens  whose  information  it  is,”  even¬ 


tually  eliminating  the  middleman  com¬ 
panies  that  now  sell  it  back  to  citizens 
for  a  fee. 

In  2002,  Ventura  didn’t  seek  re- 
election  as  governor,  but  the  account¬ 
ability  gauntlet  he  threw  down  to  state 
agencies  remains.  His  successor,  Re¬ 
publican  Tim  Pawlenty,  has  already 
asked  the  DVS,  “How  are  you  going  to 
integrate  this  with  the  rest  of  the 
state?”  Franklin  is  talking  with  Min¬ 
nesota’s  Department  of  Finance  and 
the  Bureau  of  Criminal  Apprehension. 

Minnesota’s  experience  is  mirrored 
across  the  nation.  States  have  been  the 
last  holdouts  for  the  hierarchical  main¬ 
frame-based  systems  of  the  1960s  and 
1970s,  says  the  National  Governors 
Association’s  Rubel.  That  situation  has 
endured  because  of  constitutional  and 
statutory  requirements,  but  the  org¬ 
anization’s  best-practices  group  is  see¬ 
ing  a  surge  in  new  systems-migration 
strategies. 

“States  are  ideally  headed  toward  the 
practice  of  capture  the  data  once  and 
|  use  it  many  times,"  so  that  citizens  and 
businesses  aren’t  constantly  re-enter¬ 
ing  data,"  says  Rubel.  “But  you  can  still 
find  some  strange  things  out  there.”  ► 

Winkler,  a  former  New  York  bureau  chief 
for  Computerworld,  writes  about  tech¬ 
nology  management  from  Seattle.  Con¬ 
tact  her  at  winklerconnie@yahoo.com. 
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How  to  Do  an  IT 
Security  Audit 

Understanding  your  business  will  focus 
your  efforts.  By  Kathleen  Melymuka 


IF  YOU’RE  THE  IT  MANAGER  at  a 
small  to  midsize  business,  it’s 
only  a  matter  of  time  until  you’re 
asked  to  do  an  IT  security  audit. 
Even  in  a  larger  company,  if  secu¬ 
rity  is  decentralized,  you  may  be 
the  go-to  guy  in  IT.  You’re  neither  a  se¬ 
curity  expert  nor  an  auditor,  and  re¬ 
sources  are  tight.  How  will 
you  begin  and  where  will  you 
go  from  there? 

■  First,  don’t  panic.  “People 
sell  themselves  short,”  says  Jay  M. 
Williams,  senior  vice  president  and 
chief  technology  officer  at  The  Con- 
cours  Group,  an  IT  consulting  firm  in 
Kingwood,  Texas.  “For  the  most  part, 
security  is  common  sense.” 

■  Join  a  security  research  organization 
such  as  the  Information  Security  Fo¬ 
rum,  says  RA  Vernon,  chief  security  of¬ 
ficer  at  Reuters  America  Inc.  in  New 
York.  “You’ll  find  a  group  of  individu¬ 
als  willing  to  talk  about  security  issues, 
share  experiences  and  add  some  value 
to  any  process  you  may  try  to  imple¬ 
ment,”  he  says.  They  can  direct  you  to 
software,  methodologies  and  other  re¬ 
sources  to  help  you  tackle  the  job. 

■  Consult  with  your  business  executives 
to  be  sure  you  understand  which  as¬ 
pects  of  your  business  are  most  vul¬ 
nerable  to  security  threats. 


CERT  Coordination  Center 
www.cert.org 

■  A  center  of  Internet  security  exper¬ 
tise  at  the  Software  Engineering  Insti¬ 
tute,  a  federally  funded  research  and 
development  center  operated  by 
Carnegie  Mellon  University.  Informa¬ 
tion  and  training  on  protecting  your 
system,  reacting  to  current  problems 


■  Consider  your  industry.  “Too  often 
people  think  they  have  to  create  Fort 
Knox,”  Williams  says,  but  in  reality, 
few  companies  have  extremely  tight 
data  security  requirements.  “If  you’re 
in  the  nuclear  power  business,  you’re 
right  at  the  top,”  he  says.  “But  if  you’re 
in  baked  goods,  nobody’s  looking  to 

knock  off  the  Keebler  elf.” 

■  Manage  executive  expecta¬ 
tions.  “An  IT  audit  program 
will  not  happen  overnight,” 
says  David  Hoelzer,  director  of  Global 
Information  Assurance  Certification 
and  manager  of  the  Advanced  Systems 
Audit  track  of  the  SANS  Institute,  a  co¬ 
operative  security  research  and  educa¬ 
tion  organization  in  Bethesda,  Md.  De¬ 
pending  on  the  size  of  the  organiza¬ 
tion,  it  will  take  at  least  several  weeks, 
he  says.  “Prepare  management  for  the 
work  that  will  be  required  of  them  to 
assist  you,”  he  adds,  because  they’ll 
need  to  help  correct  any  faulty  policies 
and  practices  that  are  uncovered. 

■  Map  it  out.  Work  with  technology 
and  business  analysts  to  draw  a  high- 
level  schematic  of  the  vulnerable  inter¬ 
sections  of  technology  and  business, 
Vernon  suggests. 

Consider  security  tools.  There  is 
software  that  can  scan  your  network 
and  produce  a  list  of  areas  of  exposure. 


and  predicting  future  problems. 

SANS  Institute 
www.sans.org 

■  Research,  education  and  training 
on  IT  security  issues. 

Center  for  Internet  Security 
www.cisecurity.org 

■  Methods  and  tools  to  improve,  measure, 


There  are  also  tested  methodologies 
such  as  OCTAVE  from  the  CERT  Co¬ 
ordination  Center  at  Carnegie  Mellon 
University  in  Pittsburgh  that  help  you 
build  a  security  program  to  industry 
standards.  Your  colleagues  in  the  se¬ 
curity  group  can  help  you  find  the 
most  useful  tools  for  your  company’s 
needs.  “They  take  the  best  practices 
and  roll  them  up  into  a  product  that 
the  IT  manager  can  plug  in,”  Vernon 
says.  “It  may  not  be  all  you  need,  but  it 
will  be  a  far  cry  from  where  you  cur¬ 
rently  are.” 

But  don’t  go  tool-happy.  “To  secure 
every  server  and  app  is  not  going  to 
have  any  ROI,”  says  Rick  Allen,  princi¬ 
pal  at  E-Security  Assurance  Services  in 
Santa  Rosa,  Calif.  “The  level  of  control 
has  to  equal  the  level  of  risk.  You  don’t 
want  to  put  a  $500  security  tool  on  an 
asset  worth  $50.” 

■  Prioritize.  “All  vulnerabilities  are  not 
created  equal,”  says  Larry  Rogers,  se¬ 
nior  member  of  the  technical  staff  at 
CERT.  “Some  fixes  are  worth  the  time 
spent,  and  some  are  not.”  Identify  criti¬ 
cal  information  assets  by  figuring  out 
which  could  put  the  company  out  of 
business  if  they  were  compromised  or 
damaged,  says  Hoelzer. 

■  Focus  on  internal  controls.  “A  Fort 
Knox  firewall  in  front  of  your  server 


monitor  and  compare  the  security  status  of 
Internet-connected  systems  and  appliances. 

Internet  Security  Alliance 
www.isalliance.org 

■  A  forum  for  sharing  information 
on  security  issues. 

Information  Security  Forum 
www.securityforum.org 

■  An  international  corporate  membership 
organization  whose  members  share  informa¬ 
tion  about  security  issues. 


won’t  help  if  someone  can  still  impact 
that  information  due  to  lack  of  internal 
controls,”  says  Allen.  The  five  basic  in¬ 
ternal  security  controls  are  authoriza¬ 
tion,  identification  of  users  and  sys¬ 
tems,  authentication,  integrity  (includ¬ 
ing  backups,  checks  and  balances  on 
data)  and  monitoring. 

■  Check  that  you  have  reasonable  security 
policies  and  procedures  in  place,  says  Bar¬ 
bara  Buechner,  formerly  senior  manag¬ 
er  for  information  security  at  Merck- 
Medco  Managed  Care  LLC  in  Franklin 
Lakes,  N.J.,  and  now  on  the  staff  at  the 
Technology  Managers  Forum  in  New 
York.  Then  make  sure  that  your  com¬ 
pany’s  reality  matches  what  you  have 
on  paper. 

■  Write  it  up.  “Address  the  areas  that 
have  been  acknowledged  as  vulnerabil¬ 
ities  and  put  together  some  documen¬ 
tation  as  to  how  you’re  going  to  miti¬ 
gate,”  Vernon  says.  Include  all  the  key 
issues  and  costs  associated  with  miti¬ 
gation.  “Some  vulnerabilities  may  be 
accepted  by  the  business  because  miti¬ 
gation  is  too  costly,”  he  says.  “That’s  a 
business  decision.” 

■  Stay  real.  A  focused  25-page  report 
with  clear  action  items  will  accomplish 
much  more  than  a  1,000-page  report 
that  will  exhaust  everyone’s  commit¬ 
ment  and  end  up  on  a  shelf,  Allen  says. 

■  Consider  a  pro.  For  companies  with 
complex  security  needs,  such  as  a  legal 
obligation  to  protect  customer  or  pa¬ 
tient  privacy,  it  probably  makes  sense 
to  contract  an  IT  security  firm.  “Many 
items  that  would  be  obvious  to  a  secu¬ 
rity  professional  may  be  overlooked  by 
a  day-to-day  administrator,”  says  Tom 
Watson,  project  lead  for  information 
security  at  Bayer  Corp.  Pharmaceutical 
Division  in  West  Haven,  Conn.  An  out¬ 
side  firm  can  perform  the  audit,  estab¬ 
lish  compliance  guidelines  and  help  to 
create  security  documentation  or  sim¬ 
ply  validate  that  you  did  your  risk  as¬ 
sessment  correctly  and  haven’t  missed 
anything. 

Remember  that  security  is  a  com¬ 
plex  and  continuing  challenge,  and  pe¬ 
riodic  audits  are  a  must.  “It’s  never  the 
end  of  the  story,”  Vernon  says.  “Securi¬ 
ty  is  an  ongoing  saga.”  k 


Melymuka  is  a  Computerworld 
contributing  writer.  Contact  her  at 
kmelymuka@earthlink.net. 
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Go  to  our  Web  site  for  a  detailed  questionnaire  that 
experts  use  to  assess  internal  security  controls: 

QuickLink  35783 
www.computerworld.com 
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IT  Sfcurity  Resources 


More  this  issue:  Read  more  about  security  in  this 
week’s  Security  Manager's  Journal  on  page  32. 
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Companies  are  doing  their  best  to 
keep  IT  talent.  By  Barbara  DePompa 


A  ROSE  FINALLY  DID  IT. 

Competing  IT  services  firms  in 
Michigan  had  been  doing  everything 
they  could  to  move  in  on  The  Epitec 
Group  Inc.’s  growing  IT  services  busi¬ 
ness.  Underbidding  on  IT  staffing  con¬ 
tracts.  Wining  and  dining  corporate 
accounts.  Even  making  plays  for  the 
company’s  IT  talent. 

So  when  Holly  Maguire,  manager  of 
employee  relations  and  “maestro  of 
corporate  harmony,”  discovered  that 
every  one  of  Southfield,  Mich.-based 
Epitec’s  programmers  and  consultants 
had  been  presented  a  single  rose  and 
offered  a  free  lunch  by  a  competing  IT 
services  recruiter,  she  was  forced  to  act. 

After  making  several  phone  calls  to 
the  competing  firms’  management  — 
in  effect,  telling  them  to  cease  and  de¬ 
sist  —  Maguire  met  several  rose  recipi¬ 
ents  for  lunch  to  chat  about  their  jobs 
and  future  prospects  at  Epitec. 

The  lesson:  It’s  critical  to  stay  in 
touch  and  keep  key  IT  talent  happy. 

Maguire  acknowledges  that  belt¬ 
tightening  has  made  it  tough  to  find 
new  ways  to  keep  personnel  content 
without  breaking  the  bank.  “We’ve 
never  offered  enormous  monetary 
bonuses,  but  wre  do  try  hard  to  keep 
our  IT  professionals  happy,”  she  says. 
The  company  uses  fairly  inexpensive 
employee  appreciation  initiatives. 

Other  businesses  are  working  harder 
to  keep  communication  lines  open,  de¬ 
livering  straight  talk  about  corporate 
performance  to  help  IT  employees  un¬ 
derstand,  first,  how  w'ell  or  poorly  the 

nnpany  is  performing  and,  second, 
the  impact  of  their  contributions  on 
•  \e  business. 


For  example,  Cognos  Inc.,  a  busi¬ 
ness  intelligence  software  company  in 
Ottawa,  recently  staged  a  few  in-house 
events  during  which  a  marketing  exec¬ 
utive  spoke  to  the  IT  department  to 
describe  how  recent  networking  and 
software  improvements  had  radically 
improved  productivity  for  marketing 
executives  in  Australia. 

Another  senior  executive  talked 
about  how  an  upcoming  upgrade  of 
Cognos’  database  to  Oraclelli  will  dra¬ 
matically  improve  shipping  and  distri¬ 
bution  processes  within  the  company. 

The  reason  for  the  communication? 
After  months  of  bad  news  about  layoffs 
and  other  economic  declines,  “we 
wanted  our  employees  to  know  we  un¬ 
derstand  they  are  working  hard,  and 
we  appreciate  their  efforts,”  says  Rob 
Collins,  CIO  at  Cognos. 

The  significantly  scaled-down 
bonuses,  perks  and  incentives  that 
budget-strapped  companies  have  to 
offer  these  days  are  keeping  IT  work¬ 
ers  on  board  —  for  now.  At  Epitec,  for 


instance,  an  account  repre¬ 
sentative  visits  each  IT 
consultant  once  a  month 
to  talk  about  work  or  air 
grievances.  The  corporate 
newsletter  lists  employees 
recognized  by  peers  for 
outstanding  work. 

An  “award  patrol”  deliv¬ 
ers  special  plaques  and  bal¬ 
loons  to  those  who  have 
earned  praise  on  the  job. 

The  company  hosts  an  em¬ 
ployee  appreciation  month 
featuring  events  like  office¬ 
wide  pizza  lunches  and 
family  bowling  nights  once 
a  week  for  four  weeks.  And  IT  staffers 
receive  gifts  for  staying  with  the  com¬ 
pany,  such  as  a  leather  portfolio  after 
three  years  and  a  watch  at  10  years. 

In  addition,  while  some  companies 
have  cut  benefits  such  as  matching 
401(k)  contributions,  Epitec  actually 
added  that  benefit  this  year. 

Now  the  company  boasts  a  98%  pro¬ 
ject  completion  rate  —  which  means 
IT  staff  assigned  to  specific  projects 
either  complete  those  projects  or  are 
hired  by  the  client  again  98%  of  the 
time  —  a  statistic  that  Epitec  says  is 
unrivaled  in  the  IT  services  industry. 

Keeping  IT  talent  on  board  is  no 
longer  solely  about  stock  options  and 
designer  coffees.  It’s  important  to  pro¬ 
vide  work/life  balance,  say  analysts 
and  recruiters.  And  it’s  “even  more 
critical  to  connect  an  IT  professional’s 
job  to  specific  business  goals  to  im¬ 
prove  your  chances  of  retaining  top 
IT  talent,”  says  Phyllis  Klees,  a  partner 
at  Deloitte  &  Touche  LLP’s  Human 
Capital  Advisory  Services  practice 
in  San  Jose. 

At  Cognos,  the  onus  is  on  manage¬ 
ment  to  make  IT  personnel  understand 
the  importance  of  their  contributions 
on  the  job,  Collins  says.  And  that’s  not 
always  easy  to  do.  The  lesson  is  that 
“the  length  of  an  IT  professional’s  stay 
at  any  company  is  most  affected  by 


whether  he  or  she  has  a 
wonderful  boss,  good  ca¬ 
reer  growth  opportunities 
and  whether  he  or  she  is 
having  fun,”  Collins  says. 

He  says  many  companies 
fail  to  retain  employees 
“because  they  think  when 
times  are  tough,  we  better 
shut  up.”  But  he  says  that 
behavior  is  completely 
wrong.  “If  you  hide  infor¬ 
mation  from  employees, 
hideous  things  like  Enron 
can  emerge.  A  culture  of 
secrecy  is  not  in  anyone’s 
best  interest,”  Collins  says. 

Meanwhile,  recruiters,  human  re¬ 
sources  executives  and  CIOs  say  that  al¬ 
though  more  IT  professionals  are  avail¬ 
able  for  hire,  finding  workers  with  the 
right  skill  sets  to  meet  the  increasingly 
rigorous  demands  set  by  corporations  is 
difficult.  “There’s  more  talent  to  choose 
from,  but  it’s  still  challenging  to  find 
those  with  the  experience  and  skills  to 
meet  our  corporate  clients’  growing 
list  of  requirements,”  Maguire  says. 

Analysts  and  recruiters  also  say 
some  companies  have  taken  advantage 
of  the  skills  glut  to  vigorously  upgrade 
their  IT  workforces  —  in  many  cases, 
they’re  firing  IT  workers  and  hiring 
lower-cost  but  more-skilled  people  to 
replace  them.  And  some  who  are  still 
holding  on  to  their  jobs  say  having  a 
job  right  now  is  compensation  enough. 

But  CIOs  and  other  recruiting  ex¬ 
perts  worry  that  after  months  of  lay¬ 
offs  and  corporate  belt-tightening, 
there  will  likely  be  much  turnover  as 
the  need  for  IT  talent  rises,  creating  a 
talent  shortage  all  over  again. 

The  Information  Technology  Associ¬ 
ation  of  America  (ITAA)  in  December 
reported  that  U.S.  companies  hired 
359,000  IT  workers  between  October 
and  December  2002  and  dismissed 
211,000  IT  employees,  for  a  net  gain  of 
148,000  workers.  The  total  number  of 
U.S.  IT  workers  stood  at  10.1  million 
last  month,  compared  with  9.9  million 
in  January  2002,  according  to  the  ITAA. 

The  bottom  line:  “Most  IT  profession¬ 
als  are  tired  of  hearing  continuing 
news  about  layoffs  at  companies  like 
General  Electric  and  Motorola,”  says 
Maria  Schaffer,  an  analyst  at  Stamford, 
Conn.-based  Meta  Group  Inc.  “If  com¬ 
panies  continue  to  operate  purely  in  a 
cost-cutting  mode,  as  soon  as  the  eco¬ 
nomic  situation  improves,  the  best  per¬ 
formers  will  leave.”  I 


DePompa  is  a  freelance  writer  and  editor 
in  Germantown,  Md.  Contact  her  at 
bdepompa@comcast.net. 


U.S.  IT  Employment 


Between  October  and  December  2002: 


HIRED  IT  WORKERS 


Total  number  of  U.S.  IT  workers: 


LAID-OFF  IT  WORKERS 


211,000 

■  Net  job  gain:  148,000 


SOURCE  INFORMATION  TECHNOLOGY  ASSOCIATION  OF  AMERICA.  DECEMBER  2002 
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Every  customer  is  an  investment.  But  are  you  investing  wisely? 
mySAP™  CRM,  the  only  open  and  integrated  CRM  solution,  makes  valuable 
customer  data  available  to  your  entire  organization.  In  real  time.  So  the  back 
office  knows  what  the  front  office  knows,  which  makes  it  easier  to  give 
customers  what  they  need.  A  lot  more  efficiently.  And  for  a  lot  less  money. 
Visit  sap.com  or  call  800  880  1727  to  find  out  more  about  mySAP  CRM. 
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■  WHO:  Jon  Walker,  human 
resources  global  director,  Dow 
Chemical  Co.,  Midland,  Mich. 

a  PROBLEM:  Receiving  lots  of 
r6sum6s,  complete  with  all  the 
trendy  IT  and  business  buzzwords, 
but  not  having  a  consistent,  cost- 
cfficient  or  effective  way  to  quickly 
and  accurately  assess  job  seekers’ 
true  abilities  or  their  potential  for 
success  at  the  company. 

Dow,  a  S28  billion  company  with 
more  than  900  sites  in  65  coun¬ 
tries,  is  organized  into  eight  global 
business  units,  none  of  which  had 
the  ability  to  archive  and  track 
resumes.  This  meant  that  a  hiring 
manager  in  one  business  unit  had 


BY  JULIA  KING 

ow  chemical  co.  was  used 
to  receiving  literally  thou¬ 
sands  of  resumes  —  via 
postal  mail  and  e-mail  — 
which  would  pile  up  and  go 
ignored  until  a  hiring  man¬ 
ager  was  presented  with  a  job  requisi¬ 
tion  for  a  chemist,  database  specialist, 
manufacturing  manager  or  maybe  a 
plant  operator.  Manually  sifting 
through  the  resumes  to  find 
the  people  with  the  right  skills 
for  the  job  could  take  weeks 
or  even  months.  Add  to  that 
another  several  weeks  to  con¬ 
tact  the  appropriate  applicants, 
set  up  and  conduct  interviews,  and  re¬ 
view  notes  from  those  interviews,  and 
a  full  financial  quarter  could  pass  be¬ 
fore  a  new  employee  was  actually 
hired  and  working  at  the  company 
back  in  early  2001. 

Today,  Dow’s  hiring  cycle  time  is 
down  from  an  average  of  95  days  to  30 
to  35  days.  Its  headhunter  and  other  re¬ 
cruiting  costs  are  down  25%,  and  it  has 
cut  its  job  advertising  costs  by  35%. 


no  way  of  knowing  about  a 
qualified  job  seeker  who  may  have 
applied  to  the  company  through  a 
different  business  unit. 

■  SOLUTION:  Dow  implemented  a 
central  electronic  repository  into 
which  all  incoming  r6sum6s  from 
around  the  world  -  including  those 
posted  from  third-party,  Web- 
based  job  boards  -  are  directly 
tunneled.  Skills  profiles  are  created 
for  all  applicants  and  are  auto¬ 
matically  checked  for  a  match 
each  time  a  new  job  requisition  is 
entered  into  the  system.  An  appli¬ 
cation  service  provider  was  hired 
to  install  and  then  manage  the 
technology  on  a  day-to-day  basis. 


This  is  primarily  the  result  of  imple¬ 
menting  an  automated  resume-track¬ 
ing  and  worker-profile  system  hosted 
by  RecruitSoft  Inc.,  a  San  Francisco- 
based  application  service  provider. 

The  system  has  paid  for  itself  within 
nine  months  of  deployment  and  has 
earned  a  6-to-l  return  on  investment 
over  the  past  two  years,  according  to 
Jon  Walker,  Dow’s  human  resources 
global  director. 

How  It  Works 

All  job  applications  and  re¬ 
sumes  generated  by  newspaper 
advertisements,  Internet  job 
boards  and  recruiter  referrals 
are  directed  to  Dow’s  corporate  Web 
site,  where  they  are  immediately  fun- 
neled  into  the  RecruitSoft  system.  Dow 
hiring  managers  who  tap  into  the  sys¬ 
tem’s  central  repository  can  immedi¬ 
ately  review  resumes.  They  can  also 
create  templates  to  ask  applicants  very 
specific  questions  in  order  to  validate 
their  experience  and  expertise. 

For  example,  for  a  European  sales 
job  opening,  a  template  might  include 
questions  about  the  applicant’s  pass¬ 
port  status,  ability  to  travel  and  lan¬ 
guage  skills. 

“The  faster  you  can  talk  to  [appli¬ 
cants],  the  more  you  can  share  your 
goals  and  culture,  and  the  faster  you 
can  make  a  match,”  says  Walker. 

“We’re  a  science  and  technology  com¬ 
pany,  not  just  a  chemical  company,  so 
we’re  trying  to  hire  the  same  technolo¬ 
gy  people  as  Intel  or  finance  people  as 
Merrill  Lynch.”  Even  in  a  down  econo¬ 
my,  speed  is  critical  to  acquiring  the 
best  and  the  brightest  talent,  he  notes. 

Even  more  useful  is  the  system’s 
central  repository,  which  now  contains 
thousands  of  resumes  against  which 
Dow  hiring  managers  can  quickly  com¬ 
pare  incoming  job  requisitions. 

Walker  tells  the  story  of  a  young 
woman  who  was  rejected  for  an  audi¬ 
tor’s  job  in  the  office  of  the  comptrol¬ 
ler.  Later,  a  financial  analyst  position 
opened  up  in  the  company’s  finance 
department.  “But  before  they  even 


STEALS 
THIS  IDEA 


When  you  hire 
someone  before  you 
even  post  the  job,  it 
reduces  your  cycle 
time  immensely. 

JON  WALKER.  HUMAN  RESOURCES 
GLOBAL  DIRECTOR,  DOW  CHEMICAL  CO. 


advertised  the  job,  this  woman’s  pro¬ 
file  popped  up  against  the  requisition, 
and  they  hired  her  on  the  spot.  When 
you  hire  someone  before  you  even  post 
the  job,  it  reduces  your  cycle  time  im¬ 
mensely,”  Walker  says. 

“Before,  when  we  had  paper  re¬ 
sumes,  we  had  no  centralized  way  to 
do  any  kind  of  consistent  workflow,” 
he  says.  “Now  the  deal  is  we  have  a 
system  that  doesn’t  sleep.” 

The  Web-based  RecruitSoft  system 
also  allows  Walker  to  create  future  em¬ 
ployee  supply-and-demand  scenarios 
by  analyzing  the  experiences,  skills 
and  competencies  contained  in  worker 
profiles  stored  in  the  central  reposito¬ 
ry.  “We’re  now  able  to  track  the  right 
people,”  he  says. 

Looking  ahead,  Walker  says  he  fore¬ 
sees  Dow  exchanging  applicant  profile 
information  with  other  companies,  ex¬ 
cluding  Dow’s  direct  competitors. 

“Why  not  do  this,  especially  if  the 
company  is  a  customer  of  ours?”  he 
asks.  “We  could  go  from  100,000  pro¬ 
files  to  1  million  profiles  to  create  a  tal¬ 
ent  pool  and  a  network  that  works  bet¬ 
ter  for  everyone.”  I 


Only  SAS  provides  you  with  a  complete  view  of  your 
customers.  So  you’ll  understand  their  needs,  enhance 
their  lifetime  value  and  achieve  greater  competitive 
advantage.  To  find  out  how  leading  companies  are 
reaping  the  rewards  of  SAS  customer  intelligence 
software,  call  1  866  270  5723  or  visit  our  Web  site. 


www.sas.com/customer 


The  Power  to  Know, 
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ALEX  ZOGHLIN, 
chief  technology 
officer  at  Orbitz 
LLC,  will  leave  the 
company  in  April 
but  plans  to  stay 
on  as  a  consultant. 
Zoghlin  recruited 
his  own  team  of 
developers  and 
has  positioned  the 
travel  reservations  company  with 
what  he  estimates  is  a  40%  cost 
savings  from  its  Linux  platform.  As 
a  result,  Orbitz  is  able  to  offer  con¬ 
sumers  an  easy-to-use  online  book¬ 
ing  tool  with  a  wide  range  of  travel 
choices.  He  spoke  with  Computer- 
world's  Jean  Consilvio  about  some  of 
his  other  accomplishments  at  Orbitz. 

Compared  with  an  average  of  less 
than  24  months,  three  years  as  CTO 
is  a  long  time.  What  made  you  stay? 

I  had  some  specific  personal  goals; 

I  wanted  to  be  part  of  developing  the 
best  software  development  team. 
There  are  key  ingredients  to  starting 
[and  building]  the  best  companies, 
and  one  of  them  is  people _ I  want¬ 

ed  to  be  part  of  a  team  that  was  going 
to  grow  through  one  of  those  spurts. 


How  did  you  recruit  your  software 
team?  Great  developers  want  to  work 
with  great  developers. ...  Our  recruit¬ 
ment  process  is  very  painful.  About 
one  out  of  100  applicants  [is  hired, 
and  we  have  50  to  60  developers 
now], ...  I  started  with  a  few  great 
core  developers  and  then  told  them 
they  needed  to  hire  people  better  than 
themselves.  No  matter  where  I  look,  I 
see  people  greater  and  better  than 
those  that  hired  them  on. . . .  That  ex¬ 
cellence  in  people  is  not  just  in  our 
software  team,  it's  also  the  CEO,  CFO 
and  HR  staff.  They're  great  people 
that  took  a  long  time  to  hire  because 
of  the  skill  set,  drive,  desire,  execu¬ 
tion,  operational  history  [we  look  for], 
I  leave  the  company  in  great  hands. 


How  do  you  see  yourself  as  a  leader? 

I  see  myself  standing  on  the  shoulders 
of  giants,  mostly  because  of  my  hiring 
style,  hiring  people  better  than  me 
and  then  getting  out  of  the  way. . . . 

I  spend  a  lot  of  time  making  sure  bu¬ 
reaucracy  doesn't  get  in  the  way  of 
efficiency.  And  the  end  result  is  I  end 
up  looking  really  good,  because  I  let 
the  people  I  hire  do  their  jobs. 


JOHN  BERRY 


ROI  or  Your 
Money  Back 


THIS  YEAR,  we  might  witness  the  injection 
of  a  powerful  new  dose  of  value  into  val¬ 
ue-based  contracting.  As  vendors  contin¬ 
ue  to  build  their  sales  efforts  around  an 
ROI  narrative  —  and  some  will  —  their 
customers  are  likely  to  be  concerned  about  the  profit 
impact  of  IT  investments,  not  just  how  long  it  takes  the 
vendor  to  return  a  help  desk  call. 

At  least  a  few  companies  are  already  infusing  their  IT 
investment  decision-making  with  financial  models  to 
forecast  expected  returns.  At  the  same  time,  more  than 
a  few  vendors  have  begun  to  build  their  sales  pitches 


around  the  ROI  story.  The 
emergence  of  these  parallel 
agendas  suggests  that  we 
will  see  more  value-based 
contracting  in  the  future. 

Deals  will  be  struck  in  such 
a  way  as  to  reflect  the  cus¬ 
tomer’s  keen  desire  to  link 
some  percentage  of  the  IT 
vendor’s  compensation  to 
measurable  financial  out¬ 
comes.  Should  this  forecast 
hold,  the  implications  for 
the  vendor/customer  rela¬ 
tionship  will  be  profound. 

These  kinds  of  contrac¬ 
tual  arrangements  aren’t 
entirely  new.  In  the  broadest  sense, 
value-based  contracting  means  that 
some  of  a  vendor’s  compensation  is  at 
risk  and  dependent  upon  a  customer 
achieving  certain  financially  driven 
results  from  the  IT  investment.  The 
ability  to  shift  some  of  the  cost  burden 
and  risks  of  an  IT  investment  has  been 
a  powerful  tool  that  customer  compa¬ 
nies  have  used  to  design  contracts  for 
IT  services,  hardware  and  software. 
Under  one  value-based  approach 
known  as  gain-sharing,  vendor  and 
buyer  share  in  the  quantifiable  dollars 


saved  or  generated  from 
the  user’s  IT  project.  In  a 
shared  risk/reward 
arrangement,  the  buyer 
and  vendor  share  in  the 
cost  of  the  development 
of  the  project  and  in  the 
subsequent  spoils. 

Likewise,  service-level 
agreements  (SLA)  have 
been  constructed  to  ensure 
that  predefined  perfor¬ 
mance  goals,  such  as  sys¬ 
tem  uptime  and  availabil¬ 
ity  or  tech  support  turn¬ 
around  times,  are  met.  If 
these  guarantees  aren’t 
met,  the  vendor  reimburses  the  end 
user  or  pays  a  penalty. 

Now,  how  about  a  value-based  con¬ 
tract  with  an  SLA  guaranteeing  market 
share  percentage  increases,  faster  in¬ 
ventory  turns,  reductions  in  procure¬ 
ment  errors  or  increases  in  sales  per 
rep?  The  logic  is  simple:  If  vendors  are 
determined  to  sell  their  products  and 
services  based  on  a  metric-driven  eco¬ 
nomic  value  message,  then  customers 
will  expect  them  to  earn  part  of  their 
compensation  based  on  these  perfor¬ 
mance  indicators. 


johm  berry  is  an  IT  man¬ 
agement  consultant  and 
analyst  in  Bend,  Ore. 
He’s  currently  writing  a 
book  about  the  measure¬ 
ment  of  intangible 
assets.  Contact  him  at 
vision@according2jb.CQm. 


Is  the  day  coming  when  the  com¬ 
pany  CFO  cuts  a  check  for  a  technol¬ 
ogy  purchase  only  after  the  invest¬ 
ment  reaches  some  threshold  ROI  or 
beats  the  expected  payback  period? 

If  so,  vendors  are  facing  a  more 
demanding  marketplace  in  which  the 
financial  returns  they  peddle  in  their 
sales  and  marketing  efforts  become 
the  foundation  of  rigorous  financially 
driven  SLAs.  This  puts  their  compen¬ 
sation  at  risk. 

The  implications  of  this  arrange¬ 
ment  are  equally  profound  for  the  cus¬ 
tomer.  Metrics  built  into  such  SLAs 
will  oblige  the  buyer  to  treat  the  ven¬ 
dor  as  a  true  business  partner,  perhaps 
for  the  first  time. 

The  prospective  customer  will  be 
required  to  share  sensitive  business 
process  data,  its  cost  structures  and 
perhaps  its  road  map  for  future  prod¬ 
uct  or  service  innovation.  Many  com¬ 
panies  shopping  for  IT  resist  sharing 
cost  data,  let  alone  the  value  drivers 
moving  the  organization.  Given  the 
kind  of  strategic,  consultative  role  the 
vendor  will  inevitably  find  itself  in  as 
it  negotiates  the  sales  contract,  there’s 
no  avoiding  the  fact  that  buyer  and 
seller  will  need  to  slow-dance  through 
the  process,  not  bang  heads  in  the 
mosh  pit,  as  uncomfortable  as  that 
dance  might  be. 

How  can  this  new  value-based  rela¬ 
tionship  flourish  otherwise?  If  the 
prospect  seeks  an  arrangement  in 
which  it  pays  for  IT  based  upon  ROI 
results  but  then  refuses  to  reveal  the 
unique  levers  that  drive  its  profitabil¬ 
ity,  how  can  an  equitable  contract  be 
drafted?  Vendors  would  likely  feel 
as  if  the  wool  was  being  pulled  over 
their  eyes.  > 


WANT  OUR  OPINION? 

OFor  more  columns  and  links  to  our  archives,  go  to: 

www.computerworld.com/opinions 
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Better  Performance.  Better  Price. 

The  smartest  way  to  run  your  network  is  also  the  smartest  way  to 


run  your  business. 
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Dell  |  Managed  Switches 

PowerConnect™  3024*  Switch  PowerConnect™  3048*  Switch 


Scalable,  High-Performance  Managed  Switch 

•  24  Fast  Ethernet  Ports  Plus  2  Built-In  Gigabit  Uplinks 

•  Up  to  12.8  Gbps  of  Wire-Speed  Switching  Capacity 

•  Stackable  -  Supports  up  to  144  FE  Ports  in  a  Stack 

•  3-Yr  Next  Business  Day  Part  or  Unit  Replacement5’ 

as  low  as  SI  7/mo„  (46  pmts?’) 

60  Days  Same-As-Cash 

WWW  E-VALUE  Code:  16728-S10205 


Rack-Dense,  High-Performance  Managed  Switch 

•  48  Fast  Ethernet  Ports  Plus  4  Built-In  Gigabit  Uplinks 

•  Up  to  21.6  Gbps  of  Wire-Speed  Switching  Capacity 

•  Stackable  -  Supports  up  to  144  FE  Ports  in  a  Stack 

•  3-Yr  Next  Business  Day  Part  or  Unit  Replacement5’ 

as  low  as  $29/mo„  (46  pmts?) 

60  Days  Same-As-Cash 

E-VALUE  Code:  16728-  S10209a 


Recommended  upgrade:  Recommended  upgrade: 

•  3-Yr  7x24  4-Hr  Part  or  Unit  Replacement;-’  add  $77  •  3-Yr  7x24  4-Hr  Part  or  Unit  Replacement;’  add  $199 


It's  a  Dell,  so  you  know  you're  going  to  save  money.  But  let's  talk  performance. 

From  standard  Fast  Ethernet  to  high-speed  Gigabit  Ethernet  over  copper  or  fiber,  Dell 
PowerConnect  switches  are  designed  to  offer  full  wire-speed  and  non-blocking  performance. 
Recent  Tolly  lab  tests  confirmed  that  the  Dell  PowerConnect  3248  outperformed  industry 
leaders  by  as  much  as  47%.  Plus,  the  PowerConnect  5224  has  been  lauded  by  Tom's  Hardware 
Guide  for  its  performance  and  manageability  features  for  the  price.  PowerConnect  switches 
also  are  highly  interoperable  and  scalable,  making  them  ideal  for  building  a  first-time  network 


PowerConnect™  3248*  Switch  PowerConnect™  5224*  Switch 


High-Performance,  Enterprise  Class  Managed  Switch 

•  48  Fast  Ethernet  Ports  Plus  2  Built-In  Gigabit  Uplinks 

•  Multi-Layer  Traffic  Classification  at  Layers  2,  3,  and  4 

•  Advanced  Management  via  Browser  or 
Industry-Standard  CLI 

•  3-Yr  Next  Business  Day  Part  or  Unit  Replacement" 

as  low  as  S29/mo„  (46  pints?) 

60  Days  Same-As-Cash 

E-VALUE  Code:  16728- S10209b 


High-Performance  All-Gigabit  Managed  Switch 

•  24  Copper  Gigabit  Ports  Plus  4  SFP  Fiber  Uplinks 

•  Layer-3  Aware  Class  of  Service  Prioritization 

•  Advanced  Management  via  Browser  or 
Industry-Standard  CLI 

•  3-Yr  Next  Business  Day  Part  or  Unit  Replacement” 

as  low  as  $63/mo„  (46  pmts?) 
60  Days  Same-As-Cash 

E-VALUE  Code:  16728-S10221 


Recommended  upgrade:  Recommended  upgrade: 

•  3-Yr  7x24  4-Hr  Part  or  Unit  Replacement;'  add  $199  •  3-Yr  7x24  4-Hr  Part  or  Unit  Replacement;’  add  $299 


or  expanding  your  existing  one.  So  not  only  will  you  get  one-of-a-kind  Dell  performance  for  less 
but,  perhaps  more  importantly,  there'll  be  fewer  headaches  too. 

Dell  PowerConnect  3248  Outperforms 
the  Cisco  Catalyst  2950  and  3COM 
SuperStack  3  Switch  4400  by  up  to 
47%  in  Layer  2  Throughput  Tests.' 

Tolly  Group  Report  #202149 
-  September  2002 
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CERTI  FI  ED 


Growing  your  network.  Easy  as 


Click  www.dell.com/swifch  Call  1-800-289-7051 


Call:  M-F  7a-9p|Sat  8a-5p  CT 

Pricing,  specifications,  availability,  and  terms  of  offer  may  change  without  notice.  Taxes  and  shipping  charges  extra,  and  vary,  and  not  subject  to  discounts.  U.S.  new  purchases  only.  Dell  cannot  be  responsible  for  errors  in  typography  or  photography. 


•This  device  has  not  been  approved  by  the  Federal  Communications  Commission  for  use  in  a  residential  environment.  This  device  is  not,  and  may  not  be,  offered  for  sale  or  lease,  or  sold  or  leased  for  use  in  a  residential  environment  until  the  approval  of  the  FCC  has  been  obtained. 
’■Monthly  payment  is  based  on  48-month  QuickLoan  at  12.99%  interest  rate  for  qualified  Small  Business  customers.  Your  interest  rate  and  monthly  payment  may  be  same  or  higher,  depending  on  your  creditworthiness.  Minimum  transaction  size  of  $500  required.  Maximum 
aggregate  financed  amount  not  to  exceed  $25,000.  Under  60  Days  Same-As-Cash  QuickLoan,  interest  accrues  during  first  60  days  after  QuickLoan  Commencement  Date  (which  is  five  days  after  product  ships)  if  balance  not  paid  within  these  60  days.  OFFER  VARIES  BY 
CREDITWORTHINESS  OF  CUSTOMER  AS  DETERMINED  BY  LENDER.  Taxes,  fees  and  shipping  charges  are  extra  and  may  vary.  Not  valid  on  past  orders  or  financing.  QuickLoan  arranged  by  CIT  Bank  to  Small  Business  customers  with  approved  credit  Technician,  replacement  part  or 
unit  (depending  on  service  contract)  will  be  dispatched  if  necessary  following  phone-based  troubleshooting.  Service  may  be  provided  by  third-party  provider.  Subject  to  parts  availability,  geographical  restrictions  and  terms  of  service  contract.  Service  tinting  dependent  upon  time  of 
day  cal!  placed  to  Dell.  Replacements  may  be  refurbished.  U.S.  only.  'Tolly  Group  Report  #202149  was  commissioned  by  Dell.  Dell,  the  stylized  E  logo,  E-VALUE,  and  PowerConnect  are  trademarks  of  Dell  Computer  Corporation.  ©2003  Dell  Computer  Corporation  All  rights  reserved. 
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For  more  information  on  advertising  in 


Marketplace 

STOP  everything  and  call  me  now!, 
(800)  622-1108  ext.  6465 


pentium®/// 


Cybernet  has  created  the  most  common  sense  PC  ever. 

That’s  right!  We’ve  gotten  rid  of  the  Box. 
Wondering  how  we  were  able  to  put  an  entire 


Saves  space 


Elite-ll™  ^ 

Zero-Footprint-PC™ 

with  LCD  flat  screen  monitor 


PACKAGE  #  ZPC-2030  INCLUDES: 
Intel' Pentium  III  Processor® 
866MHz.  128MB  RAM.  40GB  HD. 
24X  CDRom.  15"  LCD  Flat  Screen 
Monitor.  PS2  Mouse.  Microsoft 
Windows®  XP  Home  Edition 


Units  available  in  . black  or  beige. 

All  Zero-Footprint-PC  Elite-ll  models  come  standard  with:  Intel 
Pentium  III  processor  or  Intel  Celeron  processor  with  64  MB  RAM 
upgradeable  to  1GB.  40GB  IDE-7200RPM  hard  disk  (upgradeable 
to  any  size.  std.  3.5"  IDE).  10/100  ethernet  (LAN).  2  Serial. 
1  parallel.  4  USB  and  2  PS/2  ports.  3D  AGP  video.  1  PCI 
expansion  slot,  built  in  speakers  and  3D  sound 
...ail  built  inside,  all  backed  by  a  2  year  warranty. 


Wastes  space 


Optional  Features:  CD  or  CDRW/DVD  combo,  1.44MB  slim 
(loppy  drive.  56K  internal  modem,  dual  video.  TV  out.  your 
choice  of  LCD  flat  screen  displays  (touch  screen  available). 
Microsoft  Windows  9X /2K /NT  /XP 


Now,  enjoy  the  extra  space  and  save 
money. 

Zero-Footprint-PC  is  ideal  for  IT  managers  or 
any  individual  PC  user  looking  to  save  space. 
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Space  Saving  Technology 


For  different  options  and  models  visit  us  at: 

or  call;  or  call  toll  free  3S-834-45" 

©2002.  Cybernet  Manufacturing.  Inc.  alfrighls  reserved.  The  Cybernet  logo  and  Zero-Footprint-PC  are  trademarks  ol  Cybernet  Manufacturing,  tnc. 

Intel  Inside.  Pentium,  Celeron  are  trademarks,  or  registered  trademarks  of  Intel  Corporation,  or  its  subsidiaries  in  the  United  States  and  other  countries. 
Mti^rgg«tpf£d trademarks  are  property  pf  their  respective  owners.  Prices  and  specifications  are  subject  to  change  without  notice.  All  prices  are  excluding  tax  and  shipping 


Products 

purchased 

as  a  result  of 

* 

Marketplace: 

Hubs 

Routers 

Software  training 
Memory  products 
Ethernet  Cards 
Netware  products 
Modems 

Testing  equipment 
Multiplexers 
File  servers 

For  more 
advertising 
information  in 
Marketplace 
contact  me  now!, 
(800)622-1108 
ext.  6465 
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Network  World, 
Computer  world, 
and  In  to  World 
Help  You  Do 
A  Better  Job. 

Now  Let  Us  Help 
You  Get  One. 

Call: 

1-800-762-2977 

careers 


SENIOR  PROGRAMMER/ANA¬ 
LYST  to  analyze,  design,  develop 
and  maintain  web-based  applica¬ 
tion  software  in  a  client/server 
environment  using  C,  C++,  Visual 
C++,  Visual  Basic,  MFC.  SDK. 
Win  32  API,  COM/DCOM,  ATL, 
MS.NET  Framework,  OOAD/UML, 
VC++.NET,  C#,  ASP.NET,  MS 
Access,  VBA,  XML,  HTML, 
DHTML,  ASP,  ADO,  SQL  Server, 
Oracle,  Active-X,  Crystal  Reports 
and  Rational  Rose;  Mentor  junior 
programmers.  Require;  B.S.  de¬ 
gree  in  Computer  Science,  an 
Engineering  discipline,  or  a  close¬ 
ly  related  field  with  two  years  of 
experience  in  the  job  offered  or  as 
a  Software  Engineer/Consultant. 
Extensive  travel  on  assignments  to 
various  client  sites  within  the  U.S. 
is  required.  Competitive  salary 
offered.  Apply  by  resume  to:  Shri 
Gangal,  President,  Syspro 
Technologies,  Inc.,  3091  Holcomb 
Bridge  Rd.,  Suite  H-2,  Norcross, 
GA  30071;  Attn:  Job  GG. 


Software  Engineers  needed: 
Seeking  candidates  possessing 
MS/BS  or  equiv.  and/or  rel.  work 
experience.  Part  of  the  req.  rel. 
work  exp.  must  include  1  years 
working  with  Java,  J2EE  & 
Servlets.  Duties  include: 
Research,  design  and  develop 
internet/intranet  based  software 
applications;  build  web  architec¬ 
ture  and  provide  technical  sup¬ 
port  to  client  websites. 
Experience  with  XML,  JSP  and 
Oracle  a  plus.  Must  be  willing  to 
travel  &  relocate.  Mail  res.,  &  ref. 
to:  Aptare  Inc.,  627  Peachtree 
Ct.,  Campbell,  CA  95008. 


Various 

Openings 

We  have  openings  for 
Design  Specialist,  Game 
Designer,  Producer, 
Software  Engineer  and 
Programmer/Analyst. 
Los  Angeles  areas.  Send 
resumes  to  3100  Ocean 
Park  Blvd.,  Santa 
Monica,  CA  90405 


Talent  is 
the  fuel  of 
the  new 
economy. 


Fill  up 
with 


1 1  careers  and 
ITcareers.com 


can  put  your 
message  in  front 
of  2/3  of  all  US 
IT  professionals. 
If  you  want  to 
make  hires, 
make  your  way 
into  our  pages. 
Call  Nancy 
Percival  at 
1-800-762-2977 

ITcareers 

where  the  best 
get  better 


Programmer  Analysts  needed. 

A  leading  governmental  organi¬ 
zation  has  excellent  career 
opportunities  for  qualified  indi¬ 
viduals  to  Join  our  IT  team. 
Candidates  must  possess  a  BS 
or  equivalent  in  Engineering, 
MIS,  Business,  or  related  field. 
Relevant  experience  may  be 
substituted.  Requires  three  or 
more  years  experience  analyz¬ 
ing  software  requirements  and 
performing  software  develop¬ 
ment  in  a  client  server  environ¬ 
ment.  Must  be  able  to  work  with 
the  following:  Oracle  Forms  and 
Reports  with  PL/SQL  program¬ 
ming,  VB.  ERWIN.  Oracle  9i 
database  knowledge  with  Oracle 
certification  preferred.  Some 
duties  include  database,  design 
development  and  implementa¬ 
tion  of  custom  applications.  Mail 
resume  and  references  to: 
ATTN:  HR  Manager,  2910  East 
5th  Street,  Austin,  TX  78702. 


Software  Engineer.  Develop,  de¬ 
sign  and  modify  applications  soft¬ 
ware  or  specialized  utility  programs 
using  PeopleSoft  in  the  implemen¬ 
tation  of  Enterprise  Resource 
Planning.  Analyze  user  needs  and 
develop  and  implement  solutions  to 
meet  business  and  operational 
needs  within  Human  Resources. 
Design  or  customize  software  using 
PeopleSoft.  Participate  in  system 
testing  and  problem  resolution. 
Requires:  M.S.  degree  (or  foreign 
equiv.)  in  Comp.  Science,  Eng.  or 
related  field.  3  yrs.  exp.  in  the  job 
offered  or  as  Analyst  or  Program¬ 
mer.  Exp.,  which  may  have  been 
obtained  concurrently,  must  include 
3  yrs.  exp.  developing  applications 
for  Enterprise  Resource  Planning 
and  3  yrs.  exp.  using  PeopleSoft. 
EOE.  40  hrs./wk.;  8:00  a.m.  to  5:00 
p.m.  Send  resume  (no  calls)  to: 
Steven  Herrmann,  CTG,  Inc.,  52 
East  Market  Street,  3rct  Floor, 
Coming,  NY  14830-2709. 


Applications  Consultants 
needed:  Seeking  qualified 
candidates  possessing 
MS/BS  or  equiv.  and/or  rel. 
work  exp.  Part  of  the  req.  rel. 
work  exp.  must  include  two 
years  working  with  SAP. 
Duties  include:  Research, 
design  and  develop  software 
applications;  analyze  soft¬ 
ware  requirements  and  pro¬ 
vide  technical  support.  Mail 
res.,  ref.  and  sal.  req.  to:  e- 
Prosoftgroup,  LLC,  5617 
Byrneland  St.,  Madison,  Wl 
53711. 


Software  Engineer  -  Dev  & 
dsgn  comp  software  relat¬ 
ing  to  MS  comp  networks 
used  in  web  development  & 
e-commerce  industry  in  S. 
&  Latin  America.  BS  in 
Comp  Engineering,  knowl¬ 
edge  of  MFC,  MS.net 
Architecture,  visual  C++, 
VB,  Java,  Scripting  and 
SQL  databases  reqd  w/  2 
yrs  exp.  Apply  to  Personnel, 
Emida  Managed  Systems, 
LLC,  2200  S.  Dixie  Hwy, 
#603,  Miami,  FL  33133. 


Universal  Business  Consulting, 
Inc  has  openings  in  Delaware  & 
nationwide  for  computer  proffls 
w/2  yrs  of  exp  in  the  foil  skills: 
VB,  VBScript,  Delphi,  Java. 
JavaScript,  J2EE,  JVMPI,  JNI. 
JDI,  EJB,  JBuilder,  Visual  Age 
for  Java,  PB,  C++,  VC++, 
COM/DCOM,  SQL  Server, 
HTML/DHTML,  Active  X,  Site 
Server,  IIS.  ASP.  JSP,  Web 
Logic,  WebSphere,  Visual 
Source  Safe.  CORBA 
(Visibroker),  CodeWright,  Kawa, 
EDI.  CGI/Perl,  CSS,  XML,  XSL, 
DSDM,  TCP/IP,  CML,  COBOL- 
11,  VS-COBOL,  IMS,  DB2,  CICS, 
JCL,  VS  AM,  TSO/ISPF,  DB2 
Stored  Procedures,  MQSeries, 
Oracle,  PL/SQL,  Oracle  Forms, 
Orale  Reports,  Oracle  Appl's, 
Manufacturing,  Fin’ls  &  Supply 
Chain  Mgmnt,  Oracle  1 1  i  CRM 
Appl’s,  OneWorld  XE, 
Sunsolaris  Admin, Broadvision, 
OLAP,  Actuate  Reporting,  Bus. 
Objects,  SAP,  ABAP/4,  Cognos 
Impromptu,  SOAP,  UML,  File 
Aid,  QMF,  RogueWave,  Novell 
Netware,  Win  NT/2000,  Unix  & 
Shell  Scripting.  Positions  req 
Bachs  Deg  or  Mast  Deg. 
Equivalent  deg  &  exp  is  accept¬ 
ed.  Send  res: 
hrd@ubcincorp.com. 


COMSYS  is  an  established  IT 
consulting  firm  that  serves  lead¬ 
ing  corporations  including  174 
of  the  Fortune  500.  With  COM¬ 
SYS,  you  get:  Extensive 
Benefits,  Additional  Compen¬ 
sation  for  referrals,  and 
Professional  Challenges  with 
training  and  assignments  to 
keep  you  at  the  forefront  of 
technology.  With  30  offices,  we 
need  the  sen/ices  of  experi¬ 
enced  consultants  across  the 
US: 

•  Computer  Programmers 

•  Programmer  Analysts 

•  Systems  Analyst 

•  Software  Engineers 

•  User  Support  Specialists 

•  BA's 

•  Business  Analysts 

•  Project  Leaders 


r n 

( COMSYS 


Submit  resume  to: 

COMSYS 
3030  LBJ  Freeway 
Suite  905 
Dallas,  TX  75234 
www.comsys.com 
Fax:  972-960-0914 
EOE/M/F/DV 


Lead  Software  Engineer  (2)  - 
Technical  design/coding/funct. 
design,  rsch  technol.,  lead  fea¬ 
ture  sub-teams,  screen  &  pro¬ 
vide  orient,  to  Soft.  Eng.,  knowl¬ 
edge  source  for  soft,  develop., 
assist  support  org.  by  answer 
quest.  &  work  on  critical  oust, 
issues.  Master's  degree  in 
Comp.  Sc.,  Eng.,  or  rel.  field  or 
bachelor's  degree  in  same  fields 
+  5  years  progr.  exp.  as  Soft. 
Developer,  Soft.  Eng.,  or 
Programr/ Analyst  req'd.  Must 
be  proficient  in  Windows 
NT/2000/Delphi/MS  SQL/Report 
or  Power  Builder/COM/DCOM. 
$83,073/yr  -  $85,550/yr,  40 
hrs/wk,  OT  as  need.  Send 
resume:  D.  Root,  HR  Director, 
Alogent,  4005  Windward  Plaza, 
Alpharetta,  GA  30005. 


De  La  Rue  Cash  Systems  is  seek¬ 
ing  a  Systems  Team  Leader  for 
Lisle,  IL.  Candidate  will  direct  a 
team  of  programmers  who  will 
develop  and  maintain  systems  and 
applications  used  to  manufacture, 
service  and  maintain:  (1)  teller  cash 
dispenser  and  currency  counters 
using  pattern  and  magnetic  coun¬ 
terfeit  detection  methods,  and  (2) 
high  volume  coin  counter  and  coun¬ 
terfeit  rejection  machines  for  use  :n 
banks  and  financial  institution.  Will 
direct  programmers  using  Oracle 
products  operating  in  a  UNIX  envi¬ 
ronment  and  manage  Crystal 
Enterprise  operating  on  an  IBM 
ASA  400  computer  to  track  manu¬ 
facturing  lead  times  and  delivery  of 
TCD  and  high  volume  coin  and  cur¬ 
rency  counters  to  insure  contracts 
are  completed  as  required.  Will 
direct  team  members  to  verify  data 
integrity  and  to  maintain  proper 
data  recovery  and  backup  systems, 
and  hardware  failures.  Will  also 
direct  team  members  using  Crystal 
Reports  and  Crystal  Enterprises  to 
provide  various  reports  including 
statistical  data  of  service  response 
repair  times.  Please  send  resumes 
to  Information  Technology  Depart¬ 
ment,  705  South  12th  Street, 
Watertown,  Wl  53094. 


SENIOR  SOFTWARE  ENGINEER 
to  install,  configure,  maintain  and 
troubleshoot  UNIX  servers  under 
SUN  Solaris  and  AIX  operating  sys¬ 
tems  using  DNS,  NIS,  NFS.  Veri¬ 
tas  NetBackup  and  Tivoli  Storage 
Manager;  Develop  specialized 
scripts  to  automate  and  monitor 
production  operations  using  Shell; 
Install  and  configure  software  in¬ 
cluding  Oracle,  HACMP,  IBM  ESS 
SHARK,  EMC  SAN,  RS/6000  SP2, 
SUN  Solaris  El  0000,  Veritas 
Cluster,  LANFREE  backup,  Oracle 
Financial,  PeopleSoft,  P690  Regat¬ 
ta  Server  and  Disaster  recovery  of 
SP2;  Support  Storage  Area  Net¬ 
work  and  enterprise-class  RAID 
arrays;  Conduct  routine  hardware 
and  software  audits  of  UNIX  ser¬ 
vers  for  compliance  with  estab¬ 
lished  standards,  procedures  and 
configuration  guidelines;  Monitor 
and  tune  system  for  optimum  per¬ 
formance.  Require:  Bachelor’s  de¬ 
gree  in  Computer  Science/Engin¬ 
eering,  or  a  closely  related  field 
with  five  years  of  progressively 
responsible  experience  in  the  job 
offered  or  as  a  Systems  Adminis¬ 
trator.  Extensive  travel  on  assign¬ 
ments  to  various  client  sites  within 
the  U.S.  is  required.  Competitive 
salary  offered.  Apply  by  resume  to: 
Ramona  Moody,  Lend  Lease  Real 
Estate  Investments,  3424  Peach¬ 
tree  Road,  NE,  Suite  800,  Atlanta, 
GA  30326;  Attn:  Job  SD. 


Data  Warehouse  Analyst 
-  Min  Edu  -  Bachelor's 
Degree  or  equi,  Min 
Exp-Adequate  industry 
experience.  Job  may 
involve  working  at  vari¬ 
ous  unanticipated  loca¬ 
tions  throughout  the  US. 
Please  send  resumes  to 
e-centives,  Inc.,  Attn: 
HR,  950  Tower  Lane, 
Suite  #  1750,  Foster 
City,  CA  94404. 


Software  Engineers  needed: 
Seeking  candidates  possessing 
MS/BS  or  equiv.  and/or  rel.  work 
experience.  Part  of  the  req.  rel. 
work  exp.  must  include  1  year 
designing,  implementing  and 
supporting  multi-tier  systems, 
working  with  EJB  technologies 
and  RDMS.  Duties  include: 
Analyze,  design  and  develop 
technical  workflow  of  projects 
and  provide  tech  support  to 
client  websites  and  apps. 
Experience  with  JSP/HTML/ 
DHTML,  CSS  &  JavaScript  a 
plus.  Mail  res.,  &  ref.  to:  Guzman 
&  Company,  1200  Brickell  Ave, 
14th  Floor,  Miami,  FL  33131. 


Programmer  Analysts 
needed.  Seeking  qual. 
cand.  possessing  BS  or 
equiv.  and/or  relevant 
work  exp.  1  year  of  the 
required  relevant  expe¬ 
rience  must  include 
working  with  J2EE,  Unix 
&  iPlanet.  Mail  resume 
&  ref.  to:  iCompliance, 
Inc.,  4955  Evergreen 
Valley  Way,  Alpharetta, 
GA  30022,  ATTN:  HR 


Computers:  Programmer  Analy¬ 
sts  needed:  Seeking  candidates 
possessing  BS  or  equiv.  and/or 
rel.  work  experience.  Part  of  the 
req.  rel.  work  exp.  must  include 
2  years  working  with  Oracle 
Designer,  Developer,  Applica¬ 
tion  Server  and  PLSQL.  JAVA 
and  Oracle  cluster  experience  a 
plus.  Duties  include:  Design, 
develop  and  implement  Oracle 
database  applications;  Perform 
data  modeling  &  analyze  and 
resolve  technical  problems.  Mail 
res.,  &  ref.  to:  American 
Arbitration  Association,  Atten¬ 
tion:  Human  Resources,  335 
Madison  Ave  Floor  10,  NY 
10017.  Equal  Opportunity 
Employer  M/F/H. 
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SAW  Engineers  to  lead  teams  to 
analyze,  design,  develop,  test 
and  implement  Software  Appls 
using  Oracle  RDBMS,  Oracle 
Financial  ERP  Appls,  PL/SQL, 
XML,  Perl,  Pro*C,  C++,  Unix 
Shell  Scripting  and  Object 
Oriented  Techniques  on  Sun 
Solaris,  Unix  and  Windows  OS; 
perform  database  admin,  and 
tuning;  interact  with  clients  for 
req  analysis  and  feasibility 
study;  evaluate  team  members 
&  train  end  users. Require:  MS 
or  foreign  equiv  in  CS/Engg  (any 
branch)  with  3  yrs  exp  or  BS  in 
Finance/Business  or  foreign 
equiv  in  any  of  the  above  field 
with  5  yrs  relevant  progressive 
exp.  F/T.  High  Salary.  Travel 
Involved.  Resume  to:  HR, 
Fourth  Technologies.  Inc.,  1108 
N.  Bethlehem  Pike,  Suite  8, 
Lower  Gwynedd,  PA  19002. 


Consulting  Svcs.  Engr.  Atlanta. 
GA.  Mult,  openings.  Consult  w / 
clients  &  potential  clients  on 
transportation  resources  & 
needs.  Design  &  impl.  strate¬ 
gies  for  more  efficient  use  of 
client  resources,  using  company 
transp.  planning  technologies. 
Document  client's  transp. 
reqmts.  &  propose  solutions. 
Apply  company  techs,  to  enable 
planning  sys.  integration  w/ 
existing  client  sys.,  impl.  client- 
specific  software  code  & 
processes.  Req.:  MS  in  Indus. 
Eng.  Working  knowledge  (acad¬ 
emic  coursework  or  exp.)  of 
Visual  Basic,  Java,  C++,  SQL  & 
NT  Server;  logistical  analysis  to 
improve  efficiency;  &  supply 
chain  principles.  Pass  mandato¬ 
ry  proficiency  test.  Resumri 
Velant.  Inc.,  Attn:  Recruiting, 
900  Circle  75  Pkwy.,  Ste.  300, 
Atlanta.  GA  30339. 


IT  ARCHITECTURE  PRO¬ 
JECT  MANAGER  -  Direct  & 
coord.  IT  projects  w /  fin.  ind. 
clients,  mainly  German 
banks.  Req'd:  Fin.  MBA  &  4 
yrs.  exp.  in  job  or  Soft. 
Development  job  w/in  fin.  ind. 
Fluency  in  Germany;  ext.  exp. 
w /  IT  projs.  &  BA  in  CS  or  rel'd 
field.  Exp.  w/  Kondor+, 
Oracle,  Sybase,  ACBS,  & 
SQL.  Send  resumes  to 
Levada  Consulting,  Inc.  303 
South  Brdwy,  Ste.  100, 
Tarrytown,  NY  10591.  Attn: 
M.  Holzmann. 


Software  Developer 
Full-time  position  in  Wheaton, 
IL.  In  this  position  you  will  deliv¬ 
er  quality  code  in  a  collaborative 
environment,  as  well  as  docu¬ 
ment  and  communicate  techni¬ 
cal  and  architecture  information 
as  needed.  Required:  Master's 
degree  in  Engineering.  Computer 
Science  or  related  field;  1  +  year 
of  experience  in  developing  N- 
tier  DNA  application  using  ASP. 
VB.COM,  DCOM,  SQL,  server, 
javascript,  remote  scripting;  6+ 
months  experience  in  develop¬ 
ing  in  Web  Farm  Environment; 
and  6+  months  of  development 
experience  in  ASP.net,  VB.net, 
XML,  XSL  and  Xpath.  Contact 
miwinski@warrantycheck.com. 


Software  Engineer  II  (2  open¬ 
ings):  Develop,  integrate  and 
customize  software  components 
into  wireless  products.  Work  w / 
GSM/GPRS  Protocol  stack 
development  and  prototype 
hardware;  source  3rd  party  soft¬ 
ware  and  internally  develop  soft¬ 
ware  components  using  C/C++, 
Real-time  O.S.,  Unix.  Also 
debug  both  software  and  hard¬ 
ware.  Req.  Bachelor's  in  C.S.. 
E.E.  or  related  field  +  a  min.  of  2 
yr  exp.  in  job  offered.  Resume  to 
HR.  Matsushita  Mobile 
Communications  Development 
Co,  1225  Northbrook  Pkwy, 
Suwanee,  GA  30024 


Sr.  Programming  Analyst 
(multiple  positions).  Design 
customized  techn  appl  pro¬ 
grams.  Install  &  config  pro¬ 
gram  prod.  Determine  tech 
infrastructure  &  comm.  Req. 
Test  appl.  Analyze,  design  & 
develop  app.  Interfaces  using 
IBM  AS400,  RPGLE,  C/400  & 
Java/400.  Req.  BS  in  Comp. 
Sci.,  Comp  Eng.  Or  Elect. 
Eng.  And  5  yrs  exp  as  Pro¬ 
grammer.  40  hr/wk.  Job/inter¬ 
view  site:  Irvine,  CA.  Send 
resume  to  SVI  Solutions, 
5607  Palmer  Way,  Carlsbad, 
CA  92008. 


IP  Support  Engineer  wanted 
at  our  location  in  Nutley,  NJ  to 
support  technical  issues  for 
scheduled  daily  Network 
Migration  for  Reuters  Product 
and  Instinet.  Bachelor's  de¬ 
gree  in  Telecommunications 
or  a  related  field  and  at  least  2 
years  of  experience  in  Tele¬ 
communications  required.  Ex¬ 
perience  must  include  TCP/IP 
and  Cisco.  Must  speak 
Cantonese.  Please  e-mail 
resumes  to  Rebecca. gusta 
mente@radianz.com  (sub¬ 
ject:  Code  0312). 


Database  Administrator, 
Electronics  Distribution  Co. 
Minimum  6  years  exp. 
Design,  program,  and 
implement  database  appli¬ 
cations.  Provide  database 
systems  administration, 
including  managing  users, 
defining  user  security  poli¬ 
cies,  and  disaster  recovery. 
40  hrs/wk,  9AM-5PM. 
Competitive  salary.  Send 
resume  to:  Whale 

Enterprise,  5730  Oakbrook 
Pkwy.,  Ste  175,  Norcross, 
GA,  30093. 


Software  Engineer 

Design,  develop  &  maintain  soft¬ 
ware  for  weather  analysis  system. 
Build  communication  system  with 
weather  sensors  &  radar  data  cen¬ 
ter.  Research  &  develop  visualiza¬ 
tion  rendering  system  for  weather 
data  M  S.  in  CS  or  rel  &  6  mos. 
exp.  in  above  pos.  or  rel.  w/abil.  to 
use  C/C++  VC++.  Win32,  2D/3D 
computer  graphics.  Image  pro¬ 
cessing,  GIS.  Oracle.  SQL,  HTML, 
multiport  serial  I/O  communication 
protocols.  40.0  hr/wk.  9-5  Send 
resume  to:  Mr.  John  W.  Wessinger. 
Chief  Operating  Officer.  Baron 
Services.  Inc..  4930  Research  Dr., 
Huntsville,  AL  35805 


Software  Engineer  -  Min  2 
yrs  exp  Duties  include: 
analysis,  design  &  develop¬ 
ment  of  commercial  applica¬ 
tions  including  data  model¬ 
ing  &  database  design  using 
COLD  FUSION,  ASP,  COM, 
MFC,  VC++,  Verity  Search 
Engine,  NetGenesis,  Java, 
EJB  and  Oracle  database. 
Must  have  Master  s  degree 
in  Comp  Sci,  Comp  Engg  or 
Elec  Engg.  Send  resume  to: 
Netage  Consulting,  Inc.,  810 
Eisenhower  Blvd,  Suite  21, 
Middletown,  PA  17057. 
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Business  &  Information  Systems 
Administrator.  Administer  and 
manage  company  information 
structure.  Perform  all  IS  related 
functions.  Support,  maintain, 
and  enhance  current  JD 
Edwards  ERP  system  to 
achieve  business  strategies  and 
objectives.  Create,  maintain, 
and  distribute  business  reports 
from  ERP  system.  Design  and 
maintain  company  custom  soft¬ 
ware.  Oversee  and  perform  all 
IT  related  functions.  Position  is 
located  in  York,  Nebraska.  B.S. 
degree  req'd  (or  equiv.  educa¬ 
tion  or  experience)  w/  major  in 
Comp.  Sci.  or  related  field.  2  yrs 
of  experience  req’d.  Must  have 
proof  of  legal  authority  to  work  in 
the  United  States.  Send  resume 
to  Joe  Kardos,  15159  Andrew 
Jackson  Hwy  76  West,  Fair 
Bluff.  NC.  28439.  This  adver¬ 
tisement  is  paid  for  by  the 
employer. 


Asst.  Data  Analyst.  Asst. 
Data  Analyst  in  analyzing 
req.,  proc.  &  prob.  to 
design,  develop  &  test 
S/W  app.  to  process  or 
improve  existing  comp. 
Sys.  Req:  BS  in  Comp. 
Sci.  or  Info.  Sys.  40 
hr/wk.  Job/Interview  Site: 
Lawndale,  CA.  Send 
resume  to  Globiwest 
Mgmt.  Consultants,  Inc., 
14814  Hawthorne  Blvd., 
Lawndale,  CA  90260. 


Software  Engineer,  Medical  Appli¬ 
cations.  Design,  develop  and  test 
software  for  radiation  treatment 
planning  systems  including  proto¬ 
type  development,  Client-Server 
model  development,  algorithm  im¬ 
plementation,  and  extensive  valida¬ 
tion  testing  in  conformance  with 
FDA  requirements  utilizing  Motif,  C 
(including  pointer  memory  manage¬ 
ment),  C++  and  UNIX  shell  scripts. 
Requires  BS  in  Computer  Science, 
Engineering,  Physics  or  related 
field.  Must  be  presently  eligible  for 
permanent  employment  in  the  U.S. 
Send  resume  to  Human  Resour¬ 
ces,  Attn:  JFB,  Computerized 
Medical  Systems,  1195  Corporate 
Lake  Dr.,  St.  Louis,  MO  63122. 


Engineers  needed  in  Santa 
Clara,  CA  to  develop  lab 
automation  applications  soft¬ 
ware  using  graphical  pro¬ 
gramming  and  object  oriented 
programming  languages.  Use 
ASP,  Java  Script,  JSP  for  web 
based  applications.  Must 
have  a  Bachelor's  degree  in 
Electrical  Eng  and  1  1/2  yrs. 
exp.  in  job  offered  performing 
duties  listed  above.  E-mail 
resumes  to  ruth.hale@vi- 
tech.com  at  VI  Technology. 
Put  code  ENG  on  the  resume. 


S/W  Engineers  to  analyze, 
design,  develop  client  server 
appls  with  OO  methodology 
using  Java,  C.  C++,  VC++, 
J2EE,  XML.  UML,  JavaScript. 
COM,  CORBA,  etc.  on  Weblogic, 
IIS  under  Windows.  UNIX,  DOS 
OS;  interact  with  clients  &  ana¬ 
lyze  user  needs;  customize  soft¬ 
ware  for  client  use  to  optimize 
operational  efficiency;  assist  in 
quality  assurance.  Require  MS 
or  foreign  equiv.  in  CS/Engg  (any 
branch)  and  1  yr  exp  in  IT.  High 
salary.  Travel  required.  Send 
Resumes  to:  HR,  Opal  Soft.  Inc. 
3150  Almaden  Expwy  Ste  205, 
San  Jose.  CA  95118 


I71ET2S 

NET2S  is  a  leading  International 
Consulting  and  Engineering  firm 
specializing  in  communications 
technologies.  We  are  presently 
seeking  to  fill  the  following  posi¬ 
tions: 

Business  Analyst  (NYC) 

Develop  and  implement  marketing 
strategies.  Manage  sales  life  cycle 
including  client  presentations  and 
negotiations.  Oversee  project 
management  including  deploy¬ 
ment  and  roll  out.  Co-manage  pro¬ 
ject  center. 

Must  possess  excellent  communi¬ 
cation  skills  as  well. All  positions 
require  BS/MS  degree  with  a  min¬ 
imum  of  2  to  3  years  of  experience 
in  the  field.  Must  possess  excel¬ 
lent  communication  skills  as  well. 
NET2S,  82  Wall  Street  Suite  400, 
New  York,  NY  10005;  Fax:  (212) 
279-  1960;  Phone  (212)  279-6565; 
or  Email:  iobus-nv@net2s.com 


Data  base  analyst. 

Full  time,  competitive  salary 
offered.  Requires  bachelor 
degree  in  computer  science 
and  2  yrs  experience  in  job  of 
software  or  programmer  ana¬ 
lyst.  Experience  to  include  use 
of  visual  basic  v,  C++,  Msacess 
and  SQL  server.  Must  have 
proof  of  legal  authority  to  work 
permanently  in  the  U.S.  no 
phone  calis.  Interested  appli¬ 
cants  should  send  resume  to 
Nick  Shah,  Chem  -  Impex  Int 
Inc,  935  north  dillon  wood, 
dale,  IL  60191. 
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IT  CAREERS 


Ljbsys,  Inc.  a  fast  growing  software 
Development  Company  is  looking 
for 

Computer  Consultants: 

Should  have  a  bachelor's  degree  in 
computer  sdence/related  field  with 
2  years  experience  in  5  of  the  fol¬ 
lowing:  Oracle  Java.  J2EE,  HTML, 
Java  Script.  EJB.  XDI.  Web  Server, 
Magic,  TCP/IP.  Oracle.  XML, 
DB2.0S/MF/C0B0L,  VB,  Tera- 
data.  Crystal  reports. 

We  accept  foreign  education 
equivalent  of  the  degree,  or  the 
degree  equivalent  in  education 
and  experience. 

Send  Resume  to  SIVA@LIBSYS 
INC.COM  Attn:  9241  Fairway  211, 
Des  Plaines.  IL  60016 


Senior  Project  Leaders 

Abbott  Laboratories  in  Bed¬ 
ford,  MA  seeks  qualified 
Senior  Project  Leaders. 
Bachelors  degree  in  Comput¬ 
er  Science,  Computer  Tech¬ 
nology  or  related  required 
with  experience  in  architec¬ 
ture,  design  and  development 
of  Component  Based  Tech¬ 
nologies.  Respond  by  mail  to 
Abbott  Laboratories,  Dept. 
323,  Bldg.  AP6D2,  1 00  Abbott 
Park  Road,  Abbott  Park  IL 
60064-32537.  An  EOE.  Refer 
toad  code:  KE-MED-121. 


Software  Enng  -  Develop 
and  maintain  comp,  sys¬ 
tems  for  trading,  comm., 
inter/intranet  businesses, 
etc.  utilize  SAS  platforms, 
Oracle,  SQL  Server,  etc. 
Provide  tech.  supp.  in  OS 
internals,  etc.;  Min.  3/yrs 
exp.  in  job  offd  or  related 
and  B.S.  in  Enng,  Bus.  or 
related.  Exp.  ref.  req'd. 
Send  res:  Anid  Infosoft, 
2204  Haley  St.  Oxford,  MS 
38655 


Programmer 

Developing  software  applica¬ 
tions  for  the  company;  updating 
existing  applications;  solving 
database  &  networking  prob¬ 
lems.  B.S.  in  C.S.  or  rel.w/abil. 
to  use  C,  Java,  VB,  ASP,  SQL, 
Peri,  JavaScript,  Visual  C++, 
HTML.  Must  be  Sun  Certified 
Programmer  for  Java,  & 
Microsoft  Certified  Database 
Administrator.  40  hr/wk.  9-5. 
Resume  to:  Ms.  Saphura  S. 
Long,  President,  The  Prize 
Corporation,  5959  Shallowford 
Road,  Suite  309,  Chattanooga, 
TN  37415. 


NEED  TO  HIRE? 

START  WITH 
US! 


ITcareers.com  reach 
more  than  2/3  of  all  US 
IT  workers  every  week. 
If  you  need  to  hire  top 
talent,  start  by  hiring  us. 

Call  your  IT careers 
Sales  Representative  or 
Nancy  Percival  at 
1-800-762-2977. 


ITcareers 

where  the  best  get  better 


I  T.  Systems  Analyst.  Analyze  busi. 
req’ts  /  processes;  Map  /  configure 
busi.  process  in  SAP  R/3  Busi. 
Warehouse  (BW)  and  Strategic 
Enterprise  Mgmt  (SEM)  modules; 
Develop  /  implement  BW  and  SEM 
modules  in  SAP  R/3;  Develop 
Datamarts  /  Bex  Queries;  Design 
Infocubes;  Create  custom  infosys- 
tem;  Create  reports  in  BW  /  SEM 
modules;  Develop  /  publish  SEM 
planning  functions. 

B.S.  in  Comp.  Sc,  EE,  Electronics, 
or  similar  +18  mo.  exp.  in  SAP 
R/3.  In-depth  know,  of  BW,  SEM 
Quality  Mgmt,  SAP  Portals. 
$100,000.00/yr.  Travel  req’d. 
Work  site  locations  vary.  Must 
have  perm,  work  auth.  to  be 
employed  in  the  U.S.  Send 
resume  to  McKeesport 
CareerLink,  ES  Supervisor,  345 
Fifth  Ave.,  McKeesport,  PA  15132- 
2600.  Refer  to  job  order  #  301989. 


SAS  Programmer  Analyst. 
Utilize  statistical  tools  and  meth¬ 
ods  to  develop/write  computer 
programs  for  clinical  studies 
using  Statistical  Analysis 
System  (SAS).  MVS,  JCL,  TSO, 
ISPF,  DB2,  Win  2000.  Bachelor 
degree  in  MIS,  Stat,  or  sim  field, 
or  equiv,  req'd,  as  is  2  yrs  exp  as 
a  SAS  P/A  or  in  a  stat  prog  posi¬ 
tion.  In  lieu  of  a  bach  degree  and 
2  yrs  exp,  employer  will  accept 
masters  degree,  or  equiv  in  edu 
or  exp.  Prior  exp  or  edu  must 
include  exp  with  SAS  and  clini¬ 
cal  studies.  Competitive  salary. 
May  be  assigned  to  various 
locations  in  US.  Resumes:  W 
Tankersley,  Resource  Mgr, 
Computer  Task  Group,  Inc,  Job 
No  1886.31,  5875  Castle  Creek 
Pkwy,  Ste  208,  Indianapolis,  IN 
46250. 


Several  computer  related 
positions  available  for 
large  software  develop¬ 
ment,  support  and  sales 
company.  Degree,  techni¬ 
cal  skills  &  experience 
vary  per  position.  Send 
resume  to  Susan  Stubbs, 
MAPICS,  Inc.  1000 
Windward  Concourse 
Parkway,  Suite  100, 
Alpharetta,  Georgia 
30005. 


Sunrise  Systems  Inc.,  has 
multiple  openings  in  PA,  NY 
&  NJ  areas  for  experienced 
pros.  System/  Prog  Analysts, 
Database  Admin/  Analysts, 
Database  Dev/  Designers, 
Software/  Computer  Engr, 
Unix/  Network/  NT  Admin  in 
the  areas  of  Oracle,  Unix,  C/ 
C++,  Windows  NT,  Java,  Web 
Development,  SAP,  etc.  We 
offercompetitive  salary  based 
on  experience.  Send  resume 
to:Sunrise  Systems  Inc.  PO 
Box  4647  Metuchen,  NJ 
08840 


Stellar  Services  seeks  an 
experienced  systems  engi¬ 
neer.  Must  have  a  Master’s 
degree  in  Computer  Science/ 
Engineering,  and  2  years  of 
experience  in  Web  access 
security,  and  Windows  NT 
environment  analysis,  and 
design.  Knowledge  in  security 
protocols  &  architecture,  Virus 
protection  and  strong  techni¬ 
cal  writing  skill  are  required. 
Please  send  resume  and 
cover  letter  to  HR  Dept.,  156 
5th  Avenue,  Suite  1134,  New 
York,  NY  10010. 


Manager,  Lead  and  Senior 
Consultant  positions  in 
Washington,  DC.  Philadelphia, 
McLean, Va.  Position’s  require 
bachelor's  (some  positions 
require  master's)  degree  in 
Computer  Science,  Engineering 
(any  field),  Business,  Information 
Systems  or  related  field  and  2  to  5 
yrs  of  experience  in  systems 
analysis,  development  or  manage¬ 
ment,  database  or  systems 
requirements  or  consulting,  project 
or  engagement  management,  or 
related  exp. 

Competitive  salary  and  benefit 
offered.  Please  fax  resume  to 
1-888-APPLYDT  and  identify 
job  code:  ERNOIVRCPWM. 

Deloitte  &  Touche  LLP  is  an  equal 
opportunity  firm. We  recruit, 
employ,  train,  compensate  and 
promote  without  regard  to  race, 
religion,  creed,  color,  national  ori¬ 
gin,  age,  gender,  sexual  orienta¬ 
tion,  marital  status,  disability  or 
veteran  status. 


Database  Administrator  (Tera- 
data  &  SQL  Server)  Business 
Objects  Administrator.  Install, 
upgrade,  configure  &  consoli¬ 
date  database  servers;  monitor 
resource,  database  usage  & 
security;  assist  w/logical  dsgns, 
physical  implmtn  of  data  & 
capacity  planning;  dvlp  custom 
ETL  tools  &  disaster  recovery 
plans;  perform  Business  Objects 
s/ware  installation,  upgrade  & 
admin.  BS  in  Comp  Sci,  MIS, 
Engg  or  related  field  +1  yr  exp  in 
job  offd  or  as  Database  Admin 
or  similar  duties  under  different 
job  title.  Exp  to  incl  Teradata 
DBA,  SQL  Server  DBA,  & 
Microstrategy  &  Business 
Objects  Admin.  40hrs/wk. 
$55,21 6/yr.  Must  have  proof  of 
legal  auth  to  work  in  US.  Send 
your  resume  to  IA  Workforce 
Center,  215  Keo  Way,  Suite  100, 
Des  Moines,  IA  50309-1727. 
Please  refer  to  Job  Order 
IA1 101660.  Employer  paid  ad. 


SOFTWARE  ENGINEERS  (8  posi¬ 
tions);  require  Bachelor’s  in  Engin¬ 
eering/Computer  Science/Mathe¬ 
matics/Science  or  closely  related 
field  with  experience  providing 
skills  in  described  duties,  at 
$65,000  per  year;  Senior  Software 
Engineers  (8  positions)  with  Mas¬ 
ter’s  and  two  years  experience,  at 
$70,000  per  year.  Provide  on-site 
consulting  in  design,  analysis  and 
development  of  software  applica¬ 
tions  for  legacy  systems  in  IBM 
mainframe  environment;  develop¬ 
ment  and  administration  in  Oracle, 
DB2,  SQL  Server  and  Sybase;  e- 
commerce  and  web  applications 
development  in  Microsoft,  Java 
and  related  technologies;  network 
management  systems  develop¬ 
ment  with  Netscape  Server  and 
related  tools;  SAP  R/3  applications 
on  Windows  with  DOS  and 
ABAP/4  and  related  modules.  40% 
travel  to  client  sites  in  the  United 
States.  Mail  resumes  to:  YASH 
Technologies,  Inc.,  Human  Re¬ 
sources,  605  17th  Avenue,  Suite  1, 
East  Moline,  IL  61244. 


Director  of  S/ware  Applies  & 
Prgmg-LA.  Manage  &  coord 
comp,  prgmg  &  s/ware  applic 
activities.  Bach  in  comp,  sci., 
CIS  or  reltd  comp,  fid  +4  yr 
exp  in  job  offd  or  as  s/ware 
dvlpmt  mgr.  Must  be  proficient 
in  Code  Warrior  on  MacOS, 
MS  Visual  C++,  x86  Ass¬ 
embly,  Power  PC  Assembly, 
Nintendo  GameCube  OS  & 
Python,  &  familiar  w/3-D 
graphics  &  human  interface 
dsgn.  Send  resume  &  Itr  to 
Wendy  McAfee,  Vivendi 
Universal  Games,  6080 
Center  Dr.,  Los  Angeles,  CA 
90045. 


DATABASE  ADMINISTRA¬ 
TORS;  Following  design  specifi¬ 
cations  and  instructions  from 
senior  database  managers  and 
database  architects,  DBAs  will 
apply  knowledge  of  data  base 
management  systems  to;  design 
logical  and  physical  data  bases; 
coordinate  physical  changes  to 
data  bases  and  codes;  and 
tests,  maintain  and  implement 
physical  data  base.  Duties 
include:  assist  in  the  day-to-day 
operation  of  Oracle  data  base 
systems  in  UNIX  mainframe 
environment  including  ETL, 
table  creation,  table  analysis, 
table  indexing,  query  creation, 
and  implement  query  and  ETL 
requests  from  internal  staff  ana¬ 
lysts  and  scientists  using 
ACCESS  or  another  database 
system.  Min.  Reqts.:  BS/BA  (for¬ 
eign  equivalent  accepted)  in  CS, 
IT,  EE  or  related  AND  2  yrs  exp. 
in  job  offered  OR  2  yrs  exp.  in 
related  occup.  as  Oracle  Data 
Base  Administrator.  PLUS,  must 
have  demonstrated  knowledge 
of;  (1)  Oracle  data  base  archi¬ 
tecture  in  UNIX  mainframe  envi¬ 
ronment;  (2)  SQL,  PL/SQL  and 
SQL  Loader;  and  (3)  data  base 
maintenance.  Basic  pay  is 
$63,200  per  year  for  full-time 
employment  (Mon-Fri.,  9-5)  and 
standard  company  benefits. 
EEO.  Submit  2  resumes  and 
respond  to  Case  No.  200115268 
and  or  Case  No.  20015267, 
Labor  Exchange  Office,  19 
Staniford  Street,  1st  Floor, 
Boston,  MA  02114. 


IT  Specialist  (Denver)  -  Order, 
install,  maintain,  configure  & 
implement  MVS  &  OS/390  soft¬ 
ware  prod.,  relating  to  DB2  & 
CICS  on  an  IBM  mainframe. 
Track  changes  using  Vantive’s 
PCRM  prod,  for  release  imple¬ 
mentation.  Perform  Systems 
Admin,  functions  for  DB2,  CICS 
&  assoc,  products  using  SMP/E, 
JCL,  VSAM,  JES3,  TSO/ISPF, 
BMC  tools,  CAFC,  Oracle 
Gateway,  SEQUELLINK,  Main- 
view  for  DB2,  &  Network  Data 
Mover  (NDM);  Troubleshoot  & 
maintain  software  prod.  & 
OS/390  to  ensure  problems  are 
rapidly  diagnosed  &  fixed;  par¬ 
ticipating  in  Hotsite  planning  & 
regularly  scheduled  disaster 
recovery  tests;  Perform  capacity 
mgmt  &  tuning  activities  incl. 
definition  &  modification  of  data¬ 
bases  &  assist  w/implementa- 
tion  of  an  optimal  relational  data¬ 
base  design.  Req;  2  yr  exp  SW 
Eng/DB  Admin,  +  Wkg  knowl¬ 
edge  of;  DB2  &  CICS  Sys. 
Programming  on  IBM  Mainframe 
w/OS/390;  DB2  DBA, SMP/E, 
JCL,  VSAM,  JES3,  TSO/ISPF, 
BMC  Tools,  CAFC,  Oracle 
Gateway,  SEQUELLINK,  Main- 
view  for  DB2,  Network  Data 
Mover;  Hot  site  planning,  capac¬ 
ity  planning,  physical  database 
design;  Send  resumes  to: 
Colorado  Dept  of  Labor,  Two 
Park  Central,  Suite  400,  1515 
Arapahoe  Street,  Denver,  CO 
80202.  Ref  job  #C05036000. 


f7lET2S 

NET2S  is  a  leading  International 
Consulting  and  Engineering  firm 
specializing  in  communications 
technologies.  We  are  presently 
seeking  to  fill  the  following  posi¬ 
tions: 

•  Sr.  Tibco  (RV,  Integration  Mgr) 
Developer 

•  TIBCO/TRIARCH  Systems 
Engineer 

•  Sr.  Security  Systems  Engineer 

All  positions  require  BS/MS  de¬ 
gree  with  a  minimum  of  2  to  3 
years  of  experience  in  the  field. 
Must  possess  excellent  communi¬ 
cation  skills  as  well. 


NET2S,  82  Wall  Street  Suite  400, 
New  York,  NY  10005;  Fax:  (212) 
279- 1960;  Phone  (212)  279-6565; 
or  Email:  jobus-ny@net2s.com 


Boehringer  Ingelheim  Pharma¬ 
ceuticals,  Inc.  has  an  immediate 
opening  in  its  Ridgefield, 
Connecticut  facility  for  the  posi¬ 
tion  of  Lead  Business  Analyst. 

Provide  business  knowledge  and 
technical  leadership  in  identifying 
projects,  conducting  feasibility 
studies,  evaluating  system  de¬ 
sign  and  determining  cost/benefit 
and  economic  justification  on  all 
IT  projects  to  address  the  sys¬ 
tems  and  technology  needs  of  the 
assigned  business  area. 

Must  possess  a  Bachelor's 
degree  or  its  equivalent  in 
Business  Administration,  Compu¬ 
ter  Science,  Information  Systems 
or  a  related  field  and  relevant 
experience  with  SAP-Business 
Analysis  skills  in  SD  and  HR 
modules,  the  development  of 
custom  database  programs  using 
Oracle,  Visual  Basic  and  SQL- 
based  RDBMS,  automated  tools 
to  automate  SAP  test  script  spec¬ 
ifications  and  Software  Project 
Implementation  and  Analysis. 

Resume  and/or  cover  letter  must 
reflect  each  requirement  above 
and  specify  reference  code  AD- 
GCD/GC0103  or  it  will  be  reject¬ 
ed. 

Forward  resume  to;  Bl  Staffing 
Center,  PO  Box  534,  Waltham, 
MA  02454.  Fax  number  (781) 
663-2431. 

Email:  BIPI@BI-careers.com 


Unix  Systems  Administrator 
(Info  Tech  Specialist  4).  Support 
client/server  applies  on  ITD  & 
agency  servers  on  an  enterprise 
LAN/WAN  &  Internet  envrmt, 
incl  all  phases  of  AIX  admin  in 
complex  internet  envrmts;  web 
admin,  incl  setup  &  maintenance 
of  WebSphere,  SSL,  MQ  Series, 
&  DB2;  shell  scripting  in  CSH  & 
KSH;  provide  dsgn  services  for 
high  availability,  high  capacity 
secure  hardware  platforms;  & 
service  related  to  entire  matrix  of 
ITD  provided,  cooperative,  or 
agency  consulting.  BS  in  Comp 
Sci,  MIS  or  Engg  or  equiv  edu¬ 
cation  &  exp  +2  yrs  exp  in  job 
offd  or  as  Comp  Consultant  or 
similar  duties  under  different  job 
title.  2  yrs  exp  or  equiv  educa¬ 
tion  &  exp  w/AlX;  WebSphere; 
MQ  Series;  install/operate  multi- 
job  &  personal  comp,  networks, 
database  mgmt  systms,  servers; 
dvlp  business  appl  processes, 
operating  systm  prgms,  info 
mgmt  training;  IT  customer  ser¬ 
vice;  dsgn  &  admin  internet 
sites.  Need  12  sem  hrs  or  6  mos 
exp  or  comb  in:  Linux,  prgmg 
lang,  SAS,  Unix,  other  main¬ 
frame/midrange/mini  operating 
systms,  personal  comp,  systms 
prgmg/mgmt.  40  hrs/wk, 
$40K/yr.  Must  have  proof  of 
legal  auth  to  work  in  US.  Send 
your  resume  to  IA  Workforce 
Center,  215  Keo  Way,  Ste  100, 
Des  Moines,  IA  50309-1727. 
Please  refer  to  JO  IA1 101661. 
Employer  paid  ad. 


EXPERIENCED  IT 
PROS  NEEDED 

DBAs,  P/A,  &  Proj.  Managers  to 
design,  develop,  admin,  and 
support  DBs;  Sybase,  SQL 
Server,  Informix,  Oracle&  Rdb. 
Disaster  recovery  plan/imple¬ 
ment,  per.  tuning,  back  up/ 
restore,  and  troubleshoot. 
Expert  in  WinNT,  VAX/VMS, 
SCOUnix,  TCP/IP,  PowerBuild¬ 
er,  Access,  and  C++  MS 
Proxy/SMS  Server  &  IIS  to 
develop  web  DB  applications. 
Expert  RDB  theories,  CASE  & 
RDBMS  physical  implementa¬ 
tions  required.  Job  Location; 
San  Francisco  Area  and 
Phoenix.  Please  submit  resume 
to:  Apex  Software,  Inc.,  4718  E. 
Cactus  Road,  #206,  Phoenix, 
AZ.  85032 


Business  Process  Analyst. 
Work  Sched  8:00AM-5:00PM  40 
hrs/wk.  $64,377.70  P/A.  Design, 
evaluate,  analyze,  develop  & 
support  corporation’s  central 
vehicle  invoicing  &  cost  of  sales 
systems.  Evaluate,  define  soft¬ 
ware  testing  methods,  redesign 
infrastructure  &  process,  &  ana¬ 
lyze  systems  using  COBAL, 
CICS,  DB2,  JCL,  VSAM,  IMS- 
DB  &  C/C++.  Analyze,  design, 
implement,  &  support  of  data¬ 
base  for  the  vehicle  invoicing, 
dealer  billing,  tracking  systems, 
Electronic  Data  (EDI)  &  SAP 
interface  for  several  countries  & 
Account  Receivables  at  corpo¬ 
rate  &  plant  levels.  Use  multiple 
application  development  tools 
including  Visual  Basic  and 
C/C++,  management  system. 
Interface  with  end?users  to 
develop  system  requirements  & 
provide  in-depth  applications 
support.  Work  in  technical  envi¬ 
ronment  including  Microsoft 
Windows  95/98  &  IBM  RS6000 
Unix,  improve  all  aspects  of 
vehicle  invoicing  &  dealer  billing, 
tracking  &  cost  of  sales  systems 
&  improve  software  quality  & 
integrate  with  existing  systems 
on  client.  Bachelor,  Any 
Engineering  Degree.  2  Yrs.  exp. 
in  Job  or  Related  Occupation(s) 
of  Engineer,  Computer  Progr¬ 
ammer,  Programmer  Analyst  or 
Systems  Analyst.  2  Yrs.  of 
Related  Occupation  exp.  must 
include  evaluation,  defining  of 
software  testing  methods, 
redesign  of  infrastructure  & 
process,  &  analysis  of  systems 
using  COBAL,  CICS,  DB2,  JCL, 
VSAM,  IMS-DB  &  C/C++,  which 
may  be  concurrent  with  Related 
Occupation  exp.  Employer  Paid 
Ad.  Send  resume  to  MDCD, 
P.O.  Box  11170,  Detroit.  Ml 
48202,  Ref.  No.  202587. 


Network  Engineer:  The  network 
engineer  will  provide  technical 
consulting,  network  implementa¬ 
tion,  device  configuration,  router 
and  switch  installation,  &  trou¬ 
bleshooting  services  for  clients. 
Manage  implementation  of  net¬ 
work  projects  &  develop  &  main¬ 
tain  program  specs  &  documenta¬ 
tion.  Experience  with  Microsoft 
BackOffice  family  of  products, 
multi-vendor  UNIX,  network  design 
and  implementation,  firewalls  and 
other  aspects  of  network  security 
required.  Must  have  experience  in 
Frame  Relay,  packet  switching, 
network  management,  ISDN. 
CSU/DSU,  SNA/SDLC/SNMP,  and 
protocol  analysis.  Employment 
requires  B.S.  in  computer  science 
or  electronics  engineer  &  2  yrs. 
Exp.  in  job  offered.  Must  possess 
current  certifications  as  follows: 
Microsoft  Certified  Systems 
Engineer,  Cisco  Certified  certifi¬ 
cates  for  Design  Engineer  & 
Network  Professional  &  Design 
Asso.;  and  Checkpoint  certificates 
for  security  Engineer  and  Security 
Administrator.  Will  work  40  hr.  wk., 
8:00  am  to  5:00  pm;  no  O/T.  sal. 
$70,000  per  yr.  Send  resume  to 
Illinois  Department  of  Employment 
Security,  401  S.  State  St.  -  7 
North,  Chicago,  IL  60605;  Atten: 
Leonard  Boksa;  Ref  #  V-IL  33787  - 
B.  An  Employer  Paid  Ad.  No  Calls 
-  Send  2  copies  of  both  resume 
and  cover  letter.  Only  fully  qualified 
should  apply. 


Computers  -  Sr.  Technical 
Consultants  needed.  Seek¬ 
ing  qual.  cand.  possessing 
MS/BS  or  equiv.  and/or  rel. 
work  exp.  Part  of  the  exp. 
must  include  2  yrs.  working 
with  BaanERP.  Work  with  3 
of  the  following:  Java,  XML, 
BaanERP,  Baan  Open- 
World,  VB.  Must  be  willing 
to  travel  as  req’d.  Fwd. 
resume  &  ref.  to: 
e-Emphasys  Tech.,  Attn: 
HR,  219  E.  Chatham  St., 
#102,  Cary,  NC  27511. 
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Continued  from  page  1 

NT  Server  4.0 

which  is  due  out  in  April,  and 
to  consider  the  possibility  of 
skipping  the  Windows  2000 
Server  release  entirely. 

Jon  Dell’Antonia,  vice  presi¬ 
dent  of  IT  at  OshKosh  B’Gosh 
Inc.  in  Oshkosh,  Wis.,  said  the 
support  extension  may  allow 
him  to  push  into  2005  the  mi¬ 
gration  of  roughly  150  Win¬ 
dows  NT  servers  that  sit  in  the 
back  rooms  of  stores. 

So  far,  support  hasn’t  been  a 
worry  for  Dell’Antonia  be¬ 
cause  the  vendor  for  his  com¬ 
pany’s  point-of-sale  systems, 
Datavantage  Corp.  in  Cleve¬ 
land,  pledged  to  support  Win¬ 
dows  NT  if  Microsoft  didn’t. 

For  many  companies  in  the 
midst  of  migrations,  the  exten¬ 
sion  isn’t  expected  to  have  a 
significant  impact  on  plans. 

Financial  services  firm  Key¬ 
Corp  in  Cleveland  has  migrat¬ 
ed  roughly  450  Windows  NT 
servers  to  Windows  2000 
Server  and  already  has  a  strat¬ 
egy  to  move  its  remaining 
1,350  NT  boxes  to  Windows 
2000.  Ann  Louis,  vice  presi¬ 
dent  of  enterprise  technology 
operations,  said  KeyCorp  will 
continue  on  its  planned  con¬ 
version  path. 

‘A  Little  Leeway’ 

A  technical  architect  at  a  large 
insurance  company  said  the 
IT  department  had  set  a  “hard 
date”  to  be  off  Windows  NT 
Server  by  year’s  end,  and  the 
support  extension  merely  pro¬ 
vides  “a  little  leeway.” 

“I  doubt  we’ll  change  the 
date,  but  it’s  nice  to  have  the 
margin,”  he  said. 

Although  Microsoft’s  deci¬ 
sion  to  tack  on  an  additional 
year  of  support  for  Windows 
NT  Server  was  generally  laud¬ 
ed  by  users  and  analysts,  the 
extension  doesn’t  cover  all  of 
the  company’s  support  op¬ 
tions.  Pay-per-incident  and  se¬ 
curity  “hot  fixes”  will  be  avail¬ 
able  through  Dec.  31,  2004,  but 
the  company  will  no  longer 


provide  nonsecurity  hot  fixes 
to  premier  support  holders  af¬ 
ter  Dec.  31,  2003. 

A  hot  fix  is  a  modification 
to  commercially  available  Mi¬ 
crosoft  product  code  to  ad¬ 
dress  a  specific  problem.  As  of 
Jan.  1, 2004,  any  customer 
wanting  a  nonsecurity  hot  fix 
will  have  to  obtain  a  custom 
contract,  according  to  a  Mi¬ 
crosoft  spokesperson. 

Bob  O’Brien,  a  group  prod¬ 
uct  manager  in  the  Windows 
server  division,  said  the  year- 
end  elimination  of  nonsecuri¬ 
ty  hot  fixes  was  “a  customer 
satisfaction  and  business  deci¬ 
sion,  given  we  are  continuing 
to  see  an  increase  in  Windows 
2000  deployments  coupled 
with  a  decrease  in  NT  4  re- 


They  fill  gaps  in 
Notes,  Domino 
functionality 

BY  TODD  R.  WEISS 

ORLANDO 

Among  the  5,000  attendees 
from  around  the  world  at  last 
week’s  IBM  Lotusphere  2003 
conference  were  IT  leaders 
from  companies  on  separate 
but  similar  missions:  to  find 
out  how  to  make  their  Lotus 
Notes  and  Domino  systems 
meet  their  specific  needs. 

And  often,  the  answers  came 
not  from  IBM,  but  from  niche 
companies  that  build  add-ons 
for  Notes  and  Domino. 

James  Greene,  senior  Lotus 
Notes  infrastructure  analyst  at 
Duke  Energy  Corp.  in  Char¬ 
lotte,  N.C.,  was  looking  to 
solve  the  problem  of  e-mail 
eating  up  storage  space.  One 
possible  solution  was  PKZip 
Professional  Edition  6.0,  fea¬ 
turing  integration  with  Notes. 

The  product,  from  PKWare 
Inc.,  compresses  and  encrypts 
attachments  [QuickLink 
35865].  It  would  reduce  Duke 


NT  Server  4.0 
Support  Phaseout 

The  following  support  options 
will  no  longer  be  available  as 
of  the  dates  indicated: 

Jan.  1,  2004:  Nonsecurity 
hot  fixes 

Jan.  1,  2005:  Pay-per-inci- 
dent  and  premier  support; 
online  support 


quests  for  fixes.”  He  added, 
“The  trend  toward  migration 
and  consolidation  is  a  better 
area  to  focus  resources.” 

How  much  of  an  impact  the 
elimination  of  nonsecurity  hot 
fixes  will  have  remains  to  be 
seen.  Microsoft  acknowledged 


Energy’s  e-mail  storage  needs 
and  add  security  for  the  25,000 
Notes  users  and  5,000  Micro¬ 
soft  Exchange  users  Greene 
supports.  “It  seems  that  may¬ 
be  using  the  attachment  fea¬ 
ture  [to  compress  the  file 
size],  encrypting  it  and  then 
sending  it  out  may  be  the  solu¬ 
tion,”  Greene  said. 

Michael  Bulis,  program 
manager  for  industrial  manu¬ 
facturer  Ingersoll-Rand  Co.  in 
Woodcliffe,  N.J.,  wanted 
knowledge  management  im¬ 
provements  for  Notes  and 
Domino  and  was  looking  at 
List  Server  for  Domino  3.x 
products  from  Bright  Ideas 
Software  Inc.  in  Edison,  N.J. 
The  software  would  let  him 
streamline  how  users  send 
e-mail  to  multiple  recipients. 

Currently,  some  users  send 
broadcast  e-mails  that  devour 
costly  bandwidth.  Bulis  would 
like  to  set  up  listservs,  which 
would  reduce  storage  and 
message  distribution  needs. 
The  changes,  which  Bulis 
wants  to  implement  during 
the  next  five  years,  will  affect 
about  25,000  users  worldwide. 


that  corporate  users  typically 
request  them. 

Louis  said  KeyCorp  has  re¬ 
quested  hot  fixes  related  to 
Dynamic  Host  Configuration 
Protocol  and  Domain  Name 
System  over  the  past  36 
months,  and  the  company  will 
weigh  the  potential  risks  that 
would  be  corrected  with  non¬ 
security  hot  fixes  and  decide 
what  support  it  will  need  go¬ 
ing  forward. 

Dwight  Davis,  an  analyst  at 
Boston-based  Summit  Strate¬ 
gies  Inc.,  criticized  Microsoft’s 
decision  to  fragment  the  NT 
Server  support  extension.  He 
said  it  could  confuse  custom¬ 
ers  and  “diminish  the  glowing 
aftereffect”  that  Microsoft 
hoped  to  gain  from  the  other- 


Notes-worthy 


Vendors  that  provide  add-ons 
for  Lotus  software  include: 

DYS  ANALYTICS:  Improved 
administration  and  manage¬ 
ment  applications 

BINARYTREE:  Notes  and 
Domino  migration  and  con¬ 
solidation  tools 

BRIGHT  IDEAS  SOFTWARE: 
Listserv  management  tools 

TEAMWORK  SOLUTIONS: 
Workflow  add-ons 


“Some  of  this  is  vaporware,” 
he  said.  “But  generally,  half  of 
vaporware  makes  it  to  reality.” 

Nicholas  Behrmann,  global 
messaging  manager  at  General 
Motors  Corp.,  was  investigat¬ 
ing  administration  and  man¬ 
agement  tools  for  Notes  and 
Domino  to  help  reduce  costs 
and  improve  service. 

Part  of  his  mission  was  to 
look  over  tools  that  could  be 
used  by  GM’s  IT  outsourcer. 
Electronic  Data  Systems  Corp. 
“I’d  rather  have  them  purchase 
a  tool  set,  rather  than  reinvent 
the  wheel,”  Behrmann  said. 
Among  the  products  he 
checked  out  was  Netherlands- 
based  AedifiComm  BV’s 
WorkplaceControl  for  Notes. 


wise  positive  changes. 

The  changes  will  affect 
many  companies.  Tom  Bitt- 
man,  an  analyst  at  Gartner  Inc. 
in  Stamford,  Conn.,  estimated 
that  50%  to  70%  of  the  Win¬ 
dows  server  operating  system 
installed  base  is  still  NT  4.0. 

O’Brien  claimed  that  only 
35%  to  40%  of  the  Windows 
server  installed  base  is  NT  4.0. 
He  said  extending  key  support 
provisions  was  common  sense 
“if  you  want  to  have  a  relation¬ 
ship  with  these  customers  for 
the  next  seven  to  10  years.” 

Rob  Enderle,  an  analyst  at 
Giga  Information  Group  Inc., 
said  he  thinks  Microsoft  also 
has  seen  customers  turn  to 
Linux,  based  on  feedback  his 
firm  is  getting  from  clients,  ft 


Perry  Hiltz,  Lotus  adminis¬ 
trator  at  chemical  company 
Henkel  Corp.  in  Gulph  Mills, 
Pa.,  wants  to  consolidate  do¬ 
mains  for  Notes  to  reduce  the 
complexity  of  his  systems. 

One  possible  solution:  the 
Common  Migration  Tool  for 
Notes  Domains  package  from 
BinaryTree  Inc.  in  New  York. 

“This  basically  does  every¬ 
thing  we’ve  been  doing  in  a 
manual  way,”  Hiltz  said.  He 
said  it  would  let  him  conduct 
migration  processes  from  his 
desk,  without  having  to  travel. 
It  would  cost  $50,000  to  de¬ 
ploy,  but  its  long-term  savings 
would  result  in  a  payback. 

Joe  Sise,  Notes  administra¬ 
tor  for  the  Brunswick  Boat 
Group  in  Knoxville,  Tenn.,  was 
looking  at  Notes  management 
tools  from  DYS  Analytics  Inc. 
in  Wellesley,  Mass.,  and  re¬ 
searching  spam  Fixes  for  his 
3,500  users.  Spam  is  “an  in¬ 
creasing  problem,”  he  said. 
“We’ve  tried  to  filter  it. . . .  But 
it’s  like  sand  in  your  hand.  You 
get  some  of  it,  but  most  of  it 
falls  through.”  ft 


NO-FRiLLS  E-MAIL 

IBM  will  offer  a  cheaper-than-Notes  prod¬ 
uct  to  extend  e-mail  access  to  all  workers: 

QuickLink  a2870 
www.ccmputerworfd.com 


Niche  Vendors  Catch 
Users’  Eyes  at  Lotusphere 
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Bug  Chase  Bungle 

AYBE  YOU  MISSED  THIS  NEWS  last  week  amid  all 
the  hubbub  about  the  Slammer  worm:  Security  re¬ 
searcher  Next  Generation  Security  Software  Ltd. 
(NGS)  said  it  will  stop  sharing  information  with  the 
CERT  Coordination  Center,  the  government-funded 
clearinghouse  that  tracks  viruses,  worms  and  other  security  prob¬ 
lems  [QuickLink  a2860].  So  what?  Well,  when  NGS  finds  a  security 
hole,  it  will  notify  its  clients  and  the  software  vendor,  but  not  CERT. 
Which  sounds  pretty  selfish  of  NGS  —  until  you  consider  whom 
CERT  was  passing  the  information  along  to. 


That  would  be  some  of  NGS’s  competitors 
and  potential  clients.  And  they’ve  typically 
been  getting  the  information  before  CERT  noti¬ 
fies  the  public  about  a  security  problem. 

Here’s  how  it  works:  When  a  bug  chaser  like 
NGS  finds  a  security  problem,  the  company 
warns  its  clients  (who  pay  for  the  service)  and 
the  vendor  involved  (who  has  to  fix  it).  Then 
the  bug  chaser  tells  CERT,  so  CERT  can  con¬ 
firm  the  problem  and  prepare  its  own  alert. 

The  public  isn’t  usually  told  for  45  days,  so  the 
vendor  has  time  to  develop  a  patch. 

At  least  that’s  how  it’s  supposed  to  work.  But 
since  April  2001,  CERT  has  also  made  vulnera¬ 
bility  reports  immediately  available  to  the  In¬ 
ternet  Security  Alliance,  a  CERT-sponsored 
group  whose  member  companies  pay  dues 
ranging  from  $3,000  to  $70,000  per  year.  None 
of  that  money  goes  to  the  bug  chasers;  it  all 
goes  to  CERT. 

While  that  fact  isn’t  a  secret,  it  wasn’t  widely 
known.  At  least  the  people  at  NGS  didn’t  know 
that  when  they  gave  away  their  best  stuff  to 
CERT,  CERT  was  selling  it  on  the  side.  No 
wonder  NGS  wasn’t  happy  when  it  finally  real¬ 
ized  what  was  going  on. 

The  upshot?  CERT  loses  early  ac¬ 
cess  to  a  major  bug  chaser’s  work. 

Now  CERT  will  find  out  about 
NGS’s  research  when  NGS  issues 
an  advisory,  like  the  rest  of  us. 

And  IT  people  lose  confidence  in 
CERT  as  the  clearinghouse  for  the 
most  up-to-date,  comprehensive  IT 
security  information. 

But  it  gets  worse.  It  turns  out  oth¬ 
er  bug  chasers  already  knew  what 
NGS  just  found  out.  They’ve  been 
withholding  their  security  research 
from  CERT,  too.  T  hey  just  haven’t 
made  a  big  deal  about  it. 
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So,  at  a  time  when  worms,  viruses  and  other 
threats  are  rising,  CERT’s  usefulness  as  a 
source  for  security  information  is  collapsing. 

And  in  exchange  for  this  loss  in  credibility, 
what  does  CERT  get?  A  few  million  dollars. 

I  prefer  full  disclosure  of  security  holes,  so 
IT  shops  can  make  their  own  best  security  de¬ 
cisions.  But  I  also  understand  that  security  re¬ 
searchers  have  to  make  a  living  by  selling  what 
they’ve  worked  hard  to  discover.  They  can’t  af¬ 
ford  to  give  it  away  to  their  competition. 

Which  means  IT  shops  now  face  a  choice. 

We  can  become  clients  of  one  or  more  security 
research  outfits,  if  we  really  need  that  level  of 
security  information.  Or  we  can  make  do  with 
the  bulletins  coming  from  individual  security 
companies  and  patches  issued  by  vendors.  But 
we  can  no  longer  assume  CERT  is  the  place  to 
go  for  the  best  information. 

CERT  has  a  choice,  too.  CERT  can  keep  pass¬ 
ing  along  vulnerability  reports  to  the  Internet 
Security  Alliance  —  guaranteeing  that  CERT 
won’t  get  most  information  from  bug  chasers. 

Or  CERT  can  restore  its  credibility  by  killing 
that  program  and  finding  another  way  to  get 
the  few  million  dollars  it  currently  generates. 

Maybe  the  money  could  come 
from  the  government’s  new  home¬ 
land  security  budget.  That  would 
be  a  cheap  way  of  making  Ameri¬ 
ca’s  IT  infrastructure  safer. 

Or  maybe  it  could  be  donated, 
no  strings  attached,  by  some  high- 
tech  billionaire  —  say,  a  chief  soft¬ 
ware  architect  who  feels  directly 
responsible  for  the  kinds  of  securi¬ 
ty  messes  that  CERT  should  be 
helping  to  clean  up.  It  would  be 
good  PR,  and  at  a  few  million  a 
year,  dirt  cheap. 

Bill  wouldn’t  even  miss  it.  I 


Unclear  on  the  Concept 

When  will  the  new  spam  filters  be  working?  software 
development  chief  asks  IT  VP  pilot  fish.  “I  just  logged 
onto  my  Hotmail  account,  and  it's  still  clogged  with 
spam.”  Fish  gently  points  out  that  the  filters  work  only 
on  the  company  s  own  maijjjjervers,  not  a  personal 
Hotmail  account.  “Well,  I  know,”  sputters  red-faced 
software  chief.  “But  I  accessed  it  from  here  at  work!” 


Get  Back! 

Hard  disk  on 
this  executive’s 
laptop  has 
failed,  and  his 
most  important  e-mail 
folder  may  be  gone.  “But 
don’t  worry,”  he  tells 
support  pilot  fish.  “I  had 
a  backup  plan.  When¬ 
ever  I  got  something  re¬ 
ally  important  I’d  e-mail 
a  copy  to  myself  and  put 
ft  in  a  different  folder.” 
Fish  groans,  “Which  was 
actually  located  on  the 
same  hard  drive.” 

Picture  This 

New  not-very-techie  IT 
boss  complains  to  help 
desk  pilot  fish  that  his 
new  laptop’s  DVD  player 
welt  work  with  CDs. 
“It’s  not  backwards- 
compatible,”  he  says.  As 
fish  watches,  tBjBiil 
puts  in  a  CD,  and  music 
begins  playing.  So 
what’s  the  problem?  fish 
asks.  “Yeah,  there’s 
sound,”  boss  says,  “but 
no  picture!” 

Heavy  Equipment 

This  telco  is  getting  into 
the  data  networking 
business,  and  the  VP  of 
IT  insists  on  leading 
technical  sales  meet¬ 
ings,  says  a  pilot  fish 
who  attended  one. 
Things  are  running  fine 
until  one  engineer  sug¬ 
gests  replacing  all  the 
customer’s  existing 
hardware  with  racks 
of  new  equipment  -  or 


as  he  puts  ft, 
“What  about 
a  forklift 
upgrade?” 
“Let’s  not  get 
into  that  here,”  VP  says. 
“We’re  only  interested  in 
providing  the  communi¬ 
cations  equipment1” 

Mind  Reader 

Six  weeks  into  this  ill- 
conceived  data  ware¬ 
house  project,  every¬ 
thing  is  behind  schedule, 
says  die  pilot  fish  who’s 
the  only  one  working  on 
ft.  Finance  department 
manager  tells  him, 
“You’ve  been  working  on 
this  for  the  last  six 
weeks  and  have  not  met 
any  of  our  deadlines.  To 
get  a  better  idea  of  the 
current  situation,  I  ask 
you,  what  hasn’t  been 
completed  that  we  as¬ 
sume  you  completed?” 

Weil,  He  Was 

Job-hunting  pilot  fish 
wants  to  be  on  time  for 
his  interview,  so  on  Sat¬ 
urday  afternoon,  he 
takes  a  drive  to  find  the 
right  building.  He  does  - 
and  to  his  surprise,  there 
are  two  guys  standing 
outside,  so  fish  strikes 
up  a  conversation.  “You 
have  an  interview?”  one 
asks.  “For  what  job?”  IT 
director,  fish  says.  “I  bet 
Joe  would  like  to  know 
about  that,”  he  tells  his 
companion,  then  ex¬ 
plains  to  fish,  “Joe’s  the 
director  of  IT  now.” 


SHARK 

TANK*. 


OFEED  THE  SHARK!  Send  your  true  tale  of  IT  life  to 
sharky@computerworid.com  You  snag  a  snazzy 
Shark  shirt  if  we  use  it.  And  check  out  the  daily  feed,  browse 
the  Sharkives  and  sign  up  for  Shark  Tank  home  delivery  at 
computerworfcl.com/sharky 


Want  to  cut  your  IT  costs  without  sacrificing 
performance?  PRIMEPOWER  Servers  from  Fujitsu. 


The  secret  is  out.  PRIMEPOWER  “Solaris “-compatible 
I  servers  from  Fujitsu' deliver  a  major  breakthrough  in 
I  price/performance  compared  to  our  more  famous 
f  f§;  I  competition.  Want  proof?  PRIMEPOWER  servers  offer 
such  an  advantage  that  the  world’s  leading  com¬ 
panies  use  them  to  boost  their  performance.  And  there’s  a 
PRIMEPOWER  server  that’s  right  for  any  application  you  need  — 
from  single  CPU,  rack-mounted  servers  to  enterprise-ready 
systems  that  scale  to  1 28  CPUs  for  unsurpassed  performance  in 
the  data  center. 


Of  course,  it’s  not  just  the  hardware  you’re  buying.  It’s  also 
Fujitsu’s  30+  years  of  experience  supporting  high-perform¬ 
ance,  mission-critical  systems.  We’ve  already  helped  many 
companies  consolidate  their  IT  infrastructures  and  lower  their 
Total  Cost  of  Ownership.  Our  free  white  paper.  The  Why  and 
How  of  Server  Consolidation,  explains  how.  Get  your  copy  at 
www.ftsi.fujitsu.com/ad.  Or  call  (877)  905-3644. 


FUJITSU 

THE  POSSIBILITIES  ARE  INFINITE 


02002  Fuptsu  Corporation  Limited  Fujitsu  and  the  Fujitsu  logo  are  registered  trademarks  of  Fujitsu  Limited  PRIMEPOWER  is  a  trademark  or  registered  trademark  of  Fujitsu  Limited  m  the  United  States  and  other  countries 
Solans  is  a  trademark  or  a  registered  trademark  of  Sun  Moosystems.  Inc.  «  the  United  States  and  other  countries. 


DB2.  A  SELF-STARTER 
THAT  SELF-MANAG ING, 
SELF-HEALING 
SORT  OF  WAY. 
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What  keeps  databases  in  game  shape?  DB2  v8,  the  most  advanced  self-managing 
database  across  Linux?  UNIX®  and  Windows®  Turbocharged  querying  and  tuning 
saves  time,  resources  and  pushes  productivity  skyward.  And,  no  matter  what  form 
your  data  is  in,  it  lets  you  access,  analyze  and  manage  it.  DB2.  It’s  part  of  the  software 
team  that  includes  Lotus?  Tivoli*  and  WebSphere®  Learn  more  at  ibm.com/db2/new 


@  business  is  the  game.  Play  to  win1: 


IBM,  DB2,  Lotus,  Tivoli,  WebSphere,  the  e-business  logo  and  e-business  is  the  game.  Play  to  win  are  registered  trademarks  or  trademarks  of  International  Business  Machines 
Corporation  in  the  United  States  andfor  other  countries.  Linux  is  a  registered  trademark  of  Linus  Torvalds.  UNIX  is  a  registered  trademark  of  The  Open  Group  in  the  United 
States  andfor  other  countries.  Windows  is  a  registered  trademark  of  Microsoft  Corporation  in  the  United  States  andfor  other  countries.  ©2002  IBM  Corporation.  All  rights  reserved. 


